Version m5-rc14 of the Android SDK includes a fix and is not vulnerable
to this bug.
#2 - PNG image parsing, multiple vulnerabilities:
The Portable Network Graphics (PNG) is a bitmapped image format that
employs lossless data compression [9]. PNG was created to improve upon
and replace the GIF format as an image file format that does not require
a patent license.
The library 'libsgl.so' used by Android's WebKit contains commonly used
ESX 2.5.5 ESX not affected
b. Updated libpng package for the ESX 2.5.5 Service Console
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.
A flaw was discovered in libpng that could result in libpng trying
to free() random memory if certain, unlikely error conditions
occurred. If a carefully-crafted PNG file was loaded by an
application linked against libpng, it could cause the application
Background
==========
Pngcrush is a multi platform optimizer for PNG (Portable Network
Graphics) files.
Affected packages
=================
-------------------------------------------------------------------
Background
==========
gif2png is a command line program that converts image files from the
Graphics Interchange Format (GIF) format to the Portable Network
Graphics (PNG) format.
Affected packages
=================
-------------------------------------------------------------------
Background
==========
libpng is a standard library used to process PNG (Portable Network
Graphics) images. It is used by several programs, including web
browsers and potentially server processes.
Affected packages
=================
