The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.
During an audit of Red Hat Linux updates, the Fedora Legacy team found a
security issue in libpng that had not been fixed in Red Hat Enterprise
Linux 3. An attacker could carefully craft a PNG file in such a way that
it would cause an application linked to libpng to crash or potentially
execute arbitrary code when opened by a victim.
Note: this issue does not affect Red Hat Enterprise Linux 2.1
Users are advised to upgrade to these updated packages that contain a
backported security fix and are not vulnerable to this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | ia64 | libpng | < 1.2.2-24 | libpng-1.2.2-24.ia64.rpm |
RedHat | any | ia64 | libpng-devel | < 1.2.2-24 | libpng-devel-1.2.2-24.ia64.rpm |
RedHat | any | ia64 | libpng10 | < 1.0.13-14 | libpng10-1.0.13-14.ia64.rpm |
RedHat | any | ia64 | libpng10-devel | < 1.0.13-14 | libpng10-devel-1.0.13-14.ia64.rpm |