A local overflow exists in libpng. The library function png_read_png() fails to validate the height of input PNG files resulting in a possible integer overflow. With a specially crafted request, a context-dependent attacker might cause a crash of the application resulting in a loss of availability.
Classification
Location:
Context Dependent
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Solution:
Upgrade
Exploit:
Exploit Unknown
Disclosure:
Vendor Verified
Solution
It has been reported that this issue has been fixed. Upgrade to version 1.0.16rc1, 1.2.6rc1, or higher, to address this vulnerability.