No, libpng10, 12, and 14 were not affected.
Libpng15, 16, and 17beta were fixed in January 2013.


On Fri, Apr 11, 2014 at 7:00 AM, Paul Howarth <paul@city-fan.org> wrote:
On 10/04/14 21:43, Glenn Randers-Pehrson wrote:
> http://sourceforge.net/p/libpng/bugs/199/
>
> Use CVE-2013-7353 for "png_set_unknown_chunks in libpng/pngset.c ...
> Fixed in libpng-1.5.14beta08"
>
> ("has four integer overflow bugs" is apparently a typo of "has one
> integer overflow bug")
>
> Use CVE-2013-7354 for "The png_set_sPLT() and png_set_text_2()
> functions have a similar bug, which is fixed in libpng-1.5.14rc03" --
> this has a different discoverer.
>
> The vendor mentions that internal calls use safe values. These issues
> could potentially affect applications that use the libpng API.
> Apparently no such applications were identified as part of the work on
> bug 199.
>
> - --
> CVE assignment team, MITRE CVE Numbering Authority
> M/S M300
> 202 Burlington Road, Bedford, MA 01730 USA
>
> I'll update the CHANGES files for libpng15, 16, and 17 to include
>
> these CVE numbers in the appropriate January 2013 entries.

Is libpng10 affected by either of these issues?

Paul.

------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________
png-mng-implement mailing list
png-mng-implement@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/png-mng-implement