path: root/polish/security/2004/dsa-536.wml

#use wml::debian::translation-check translation="1.3" maintainer=""
#pddp rafalm80
<define-tag description>several vulnerabilities</define-tag>
<define-tag moreinfo>
<p>Chris Evans discovered several vulnerabilities in libpng:</p>

<ul>

<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597">CAN-2004-0597</a>
 <p>Multiple buffer overflows exist, including when
 handling transparency chunk data, which could be exploited to cause
 arbitrary code to be executed when a specially crafted PNG image is
 processed</p>

<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598">CAN-2004-0598</a>
 <p>Multiple NULL pointer dereferences in
 png_handle_iCPP() and elsewhere could be exploited to cause an
 application to crash when a specially crafted PNG image is processed</p>

<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599">CAN-2004-0599</a>
 <p>Multiple integer overflows in the png_handle_sPLT(),
 png_read_png() functions and elsewhere could be exploited to cause an
 application to crash, or potentially arbitrary code to be executed,
 when a specially crafted PNG image is processed</p>

<p>In addition, a bug related to <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363">CAN-2002-1363</a> was fixed:</p>

<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0768">CAN-2004-0768</a>
 <p>A buffer overflow could be caused by incorrect
 calculation of buffer offsets, possibly leading to the execution of
 arbitrary code</p>

</ul>

<p>For the current stable distribution (woody), these problems have been
fixed in libpng3 version 1.2.1-1.1.woody.7 and libpng version
1.0.12-3.woody.7.</p>

<p>For the unstable distribution (sid), these problems will be fixed soon.</p>

<p>We recommend that you update your libpng and libpng3 packages.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2004/dsa-536.data"