PROBLEM:
IBM Informix Genero libpng Integer Overflow Vulnerability
PLATFORM:
IBM Informix Genero releases prior to 2.41 - all platforms
ABSTRACT:
A vulnerability has been reported in libpng.
REFERENCE LINKS:
IBM Security Bulletin: 1620982
Secunia Advisory SA51905
Secunia Advisory SA48026
CVE-2011-3026
IMPACT ASSESSMENT:
Medium
DISCUSSION:
The libpng library used by IBM Informix Genero contains an integer overflow vulnerability. If you use IBM Informix Genero to handle PNG (Portable Network Graphics) image files and an attacker causes your IBM Informix Genero program to open or display a malicious PNG file, your IBM Informix Genero application might crash, or could be caused to run malicious code with the privileges of the user running the application.
IMPACT:
Malicious people could potentially compromise an application using the library.
SOLUTION:
Update libpng to version 1.0.57, 1.2.47, 1.4.9, or 1.5.9.