
V-074: IBM Informix Genero libpng Integer Overflow Vulnerability

January 22, 2013 - 12:11am


PROBLEM:

IBM Informix Genero libpng Integer Overflow Vulnerability

PLATFORM:

IBM Informix Genero releases prior to 2.41 - all platforms

ABSTRACT:

A vulnerability has been reported in libpng.

REFERENCE LINKS:

IBM Security Bulletin: 1620982
Secunia Advisory SA51905
Secunia Advisory SA48026
CVE-2011-3026

IMPACT ASSESSMENT:

Medium

DISCUSSION:

The libpng library used by IBM Informix Genero contains an integer overflow vulnerability. If you use IBM Informix Genero to handle PNG (Portable Network Graphics) image files and an attacker causes your IBM Informix Genero program to open or display a malicious PNG file, your IBM Informix Genero application might crash, or could be caused to run malicious code with the privileges of the user running the application.

IMPACT:

Malicious people could potentially compromise an application using the library.

SOLUTION:

Update to version 1.0.57, 1.2.47, 1.4.9, or 1.5.9.

 
