Several vulnerabilities exist in the libpng library, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng is a popular reference library available for application developers to support the PNG image format. Several vulnerabilities have been reported in the libpng library. Any application or system that uses this library may be affected.
Solution
Apply the appropriate patch or upgrade as specified by your vendor. For vendor-specific responses, please see your vendor's web site or the individual vulnerability notes. For individuals who rely on the original source of libpng, these issues have been resolved in libpng version 1.2.6rc1 (release candidate 1).
News source: US-Cert
-1 Comments - Add comment