-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
In pngrutil.c, the function png_decompress_chunk() allocates
insufficient space for an error message, potentially overwriting stack
data, leading to a buffer overflow.
Solution: update libpng10 to 1.0.20 and libpng12 to 1.2.12
More information:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yaakov S (Cygwin Ports) wrote:
Yaakov S (Cygwin Ports) wrote:
Multiple vulnerabilities, ranging from integer overflows and NULL
pointer dereferences to double frees, were reported in libTIFF.
And now, there's more:
A buffer overflow has been