Debian Security Advisory
DSA-2439-1 libpng -- buffer overflow
- Date Reported:
- 22 Mar 2012
- Affected Packages:
- libpng
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2011-3045.
- More information:
-
Glenn-Randers Pehrson discovered an buffer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.
For the stable distribution (squeeze), this problem has been fixed in version 1.2.44-1+squeeze3. Packages for i386 are not yet available, but will be provided shortly.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your libpng packages.