Heap-based buffer overflow in the png_combine_row function in libpng ( CVE-2014-9495 )

Document ID:7016082
Creation Date:21-Jan-2015
Modified Date:21-Jan-2015
- Micro Focus Products:
  Filr
  GroupWise
  GroupWise Messenger
  iPrint
  Open Enterprise Server
  ZENworks Server Management

Environment

Novell Filr
Novell GroupWise
Novell iPrint Appliance

Novell Messenger

Novell Open Enterprise Server

Novell Service Desk
Novell ZENworks

Situation

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16 might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

Resolution

The following Novell products are NOT affected by this vulnerability:

Novell Filr
Novell GroupWise
Novell iPrint Appliance

Novell Messenger

Novell Open Enterprise Server

Novell Service Desk
Novell ZENworks

Additional Information

https://support.novell.com/security/cve/CVE-2014-9495.html

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9495

© Micro Focus. Please see Terms of Use applicable to this content.