Mozilla Foundation Security Advisory 2012-11
Title: libpng integer overflow
Impact: Critical
Announced: February 16, 2012
Reporter:
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 10.0.2
Firefox ESR 10.0.2
Firefox 3.6.27
Thunderbird 10.0.2
Thunderbird ESR 10.0.2
Thunderbird 3.1.19
SeaMonkey 2.7.2
Description
An integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be potentially exploitable.
References
libpng: integer overflow leading to heap-buffer overflow
CVE-2011-3026