Security Information / 2012 / Security Information -- DSA-2439-1 libpng

Debian Security Advisory

DSA-2439-1 libpng -- buffer overflow

Date Reported:

22 Mar 2012

Affected Packages:

libpng

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2011-3045.

More information:

Glenn-Randers Pehrson discovered an buffer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.

For the stable distribution (squeeze), this problem has been fixed in version 1.2.44-1+squeeze3. Packages for i386 are not yet available, but will be provided shortly.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your libpng packages.