=========================================================== Ubuntu Security Notice USN-1-1 October 22, 2004 PNG library vulnerabilities CAN-2004-0955 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: libpng12-0 libpng12-dev libpng10-0 libpng10-dev The problem can be corrected by upgrading the affected package to version 1.2.5.0-7ubuntu1 (libpng12-0 and libpng12-dev) or 1.0.15-6ubuntu1 (libpng10-0 and libpng10-dev). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Several integer overflow vulnerabilities were discovered in the PNG library. These vulnerabilities could be exploited by an attacker by providing a specially crafted PNG image which, when processed by the PNG library, could result in the execution of program code provided by the attacker. The PNG library is used by a variety of software packages for different purposes, so the exact nature of the exposure will vary depending on the software involved.