PublicDate: 2008-09-11 01:13:00 UTC
Candidate: CVE-2008-3964
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3964
 https://ubuntu.com/security/notices/USN-730-1
Description:
 Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before
 1.4.0beta34, allow context-dependent attackers to cause a denial of service
 (crash) or have unspecified other impact via a PNG image with crafted zTXt
 chunks, related to (1) the png_push_read_zTXt function in pngread.c, and
 possibly related to (2) pngtest.c.
Ubuntu-Description:
Notes:
 jdstrand> off-by-one error in pngpread.c not introduced until 1.2.30, pngtest
  is affected
Bugs:
Priority: low
Discovered-by:
Assigned-to: jdstrand
CVSS: 

Patches_libpng:
upstream_libpng: released (1.2.27-2)
dapper_libpng: released (1.2.8rel-5ubuntu0.4)
feisty_libpng: needed (reached end-of-life)
gutsy_libpng: released (1.2.15~beta5-2ubuntu0.2)
hardy_libpng: released (1.2.15~beta5-3ubuntu0.1)
intrepid_libpng: released (1.2.27-1ubuntu0.1)
devel_libpng: not-affected (1.2.27-2ubuntu1)