-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow.
Solution: update libpng10 to 1.0.20 and libpng12 to 1.2.12 More information: http://security.gentoo.org/glsa/glsa-200607-06.xml http://sourceforge.net/project/shownotes.php?release_id=428120&group_id=5624 http://sourceforge.net/project/shownotes.php?release_id=428123&group_id=5624 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334 Yaakov -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEvqSIpiWmPGlmQSMRApYoAKDbud9Gbaz5zHhoHQwWHgWMKUTMKQCg9KqG 55939kaak74FctqLKEa23Qk= =OQP5 -----END PGP SIGNATURE-----