[BLFS Trac] #2836: libpng-1.2.35

BLFS Trac trac at linuxfromscratch.org
Thu Feb 19 06:25:11 PST 2009

#2836: libpng-1.2.35
 Reporter:  randy@…                     |       Owner:  randy@…                   
     Type:  task                        |      Status:  new                       
 Priority:  high                        |   Milestone:  6.4                       
Component:  BOOK                        |     Version:  SVN                       
 Severity:  major                       |    Keywords:                            
 Version increment to 1.2.35


 The changes in this release are as follows:
 This release fixes a newly discovered vulnerability in which some
 arrays of pointers are not initialized prior to using malloc to define
 the pointers. If the application runs out of memory while executing
 the allocation loop (which can be forced by malevolent input), libpng
 will jump to a cleanup process that attempts to free all of the
 pointers, including the undefined ones.

 Release focus:
 9 - Major security fixes

Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/2836>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch

More information about the blfs-book mailing list