USN-538-1: libpng vulnerabilities

Ubuntu Security Notice USN-538-1

25th October, 2007

libpng vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.10
  • Ubuntu 7.04
  • Ubuntu 6.10
  • Ubuntu 6.06 LTS

Software description

  • libpng


It was discovered that libpng did not properly perform bounds checking
and comparisons in certain operations. An attacker could send a specially
crafted PNG image and cause a denial of service in applications linked
against libpng.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 7.10:
libpng12-0 1.2.15~beta5-2ubuntu0.1
Ubuntu 7.04:
libpng12-0 1.2.15~beta5-1ubuntu1.1
Ubuntu 6.10:
libpng12-0 1.2.8rel-5.1ubuntu0.3
Ubuntu 6.06 LTS:
libpng12-0 1.2.8rel-5ubuntu0.3

To update your system, please follow these instructions:

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.


CVE-2007-5268, CVE-2007-5269