Solution
Please install the updated packages.
Insight
The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.
An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692)
Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.
Affected
libpng10 on CentOS 4
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2011-2692
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P