Launchpad.net

CVE 2006-3334

Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name".

Related bugs and status

CVE-2006-3334 (Candidate) is related to these bugs:

Bug #185178: Please sponsor libpng 1.2.24

Summary				In	Importance	Status
	185178	Please sponsor libpng 1.2.24		libpng (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 18698
GENTOO: GLSA-200607-06
SUSE: SUSE-SR:2006:016
SECUNIA: 22956
SECUNIA: 22957
SECUNIA: 22958
SUSE: SUSE-SR:2006:028
SECUNIA: 23335
SECUNIA: 20960
CONFIRM: https://issues.rpath.c...
MANDRIVA: MDKSA-2006:209
MANDRIVA: MDKSA-2006:210
MANDRIVA: MDKSA-2006:211
MANDRIVA: MDKSA-2006:212
MANDRIVA: MDKSA-2006:213
CONFIRM: http://docs.info.apple...
APPLE: APPLE-SA-2008-03-18
SECUNIA: 29420
SECUNIA: 33137
GENTOO: GLSA-200812-15
VUPEN: ADV-2006-2585
VUPEN: ADV-2008-0924
CONFIRM: http://sourceforge.net...
XF: libpng-pngdecompressch...
BUGTRAQ: 20060719 rPSA-2006-013...