[NTG-pdftex] Libpng-1.0.25 and libpng-1.2.17

Martin Schröder martin at oneiros.de
Wed May 16 00:31:23 CEST 2007


---------- Forwarded message ----------
From: Glenn Randers-Pehrson <glennrp at comcast.net>
Date: 15.05.2007 23:05
Subject: [png-mng-implement] Libpng-1.0.25 and libpng-1.2.17
To: png-mng-implement at lists.sf.net
Cc: png-mng-announce at lists.sf.net


libpng-1.0.25 and libpng-1.2.17 are available at
ftp://ftp.simplesystems.org/pub/png/src
and at
libpng.sf.net

These releases fix a vulnerability in png_handle_tRNS() by which
a malformed PNG file can crash a libpng application.  The bug has
existed since libpng-0.90.  The vulnerability is identified as
CVE-2007-2445 and CERT VU#684664.

Glenn

-------------------------------------------------------------------------
Merging the changes was easy; it will be included in 1.40.4.

Best
   Martin


More information about the ntg-pdftex mailing list