Heap-based buffer overflow in the png_combine_row function in libpng ( CVE-2014-9495 )

  • 7016082
  • 21-Jan-2015
  • 21-Jan-2015

Environment

Novell Filr
Novell GroupWise
Novell iPrint Appliance

Novell Messenger

Novell Open Enterprise Server

Novell Service Desk
Novell ZENworks

Situation

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16 might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

Resolution

The following Novell products are NOT affected by this vulnerability:

Novell Filr
Novell GroupWise
Novell iPrint Appliance

Novell Messenger

Novell Open Enterprise Server

Novell Service Desk
Novell ZENworks

Additional Information

Feedback service temporarily unavailable. For content questions or problems, please contact Support.