--- Comment #8 from Tomas Hoger <thoger(a)redhat.com> 2009-06-09 12:14:26 EDT ---
(In reply to comment #7)
> Calling this a security issue seems like a bit of a stretch.
Yeah, that was my reaction too, when seeing the upstream announcement.
> You can only read portions of individual bytes, you can't control
> well which bytes those are, and the whole thing depends on the
> application's display code being seriously buggy (i.e. showing garbage
> pixels on the right side of an image).
I believe applications displaying images using libpng were not really the assumed
attack vector, as those can only show those leaked bytes to the user running
the application, so that case is a non-issue. I guess they may have assumed some
automated image processing (such as image conversion using ImageMagick's
convert, or CUPS printing) as a vector, though even without checking if any
such application can return leaked bytes in some output an attacker can see and
use, the leak seems rather limited, not easily predictable and not too likely to
yield any valuable data.
Have you already looked into what an application must do wrong to process those
garbage pixels at all?