Mozilla Foundation Security Advisory 2012-11

libpng integer overflow

Announced
February 16, 2012
Impact
Critical
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR
Fixed in
  • Firefox 10.0.2
  • Firefox 3.6.27
  • Firefox ESR 10.0.2
  • SeaMonkey 2.7.2
  • Thunderbird 10.0.2
  • Thunderbird 3.1.19
  • Thunderbird ESR 10.0.2

Description

An integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be potentially exploitable.

References