CVE-2008-6218

Publication date 20 February 2009

Last updated 24 July 2024


Ubuntu priority

Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.

Read the notes from the security team

Status

Package Ubuntu Release Status
libpng 8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy
Not affected
6.06 LTS dapper
Not affected

Notes


jdstrand

Ubuntu versions should not be affected because they do not use png_ptr->chunkdata. This member wasn't introduced until 1.2.30.