2009-01-15 17:00:00
mitre
PUBLISHED
The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the 0 character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.