Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Apple Computer Inc. Information for VU#286464

Date Notified07/16/2004
Date Modified06/01/2005 05:41:05 PM
Status SummaryVulnerable

Vendor Statement

APPLE-SA-2004-09-09 Mac OS X 10.3.5

Mac OS X 10.3.5 is now available and delivers security enhancements
for the following components:

Component: libpng (Portable Network Graphics)
CVE-IDs: CAN-2002-1363, CAN-2004-0421, CAN-2004-0597,
CAN-2004-0598, CAN-2004-0599
Impact: Malicious png images can cause application crashes and could
execute arbitrary code

Description: A number of buffer overflows, null pointer dereferences
and integer overflows have been discovered in the reference library
for reading and writing PNG images. These vulnerabilities have been
corrected in libpng which is used by the CoreGraphics and AppKit
frameworks in Mac OS X. After installing this update, applications
that use the PNG image format via these frameworks will be protected
against these flaws.

Note: The libpng security fixes are also available separately for Mac
OS X 10.3.4 and Mac OS X 10.2.8 via Security Update 2004-08-09.

Mac OS X 10.3.5 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

US-CERT Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information