https://bugzilla.redhat.com/show_bug.cgi?id=1281756
Bug ID: 1281756
Summary: CVE-2015-8126 libpng: Buffer overflow vulnerabilities
in png_get_PLTE/png_set_PLTE functions
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-t...@redhat.com
Reporter: ama...@redhat.com
CC: dr...@land.ru, erik-fed...@vanpienbroek.nl,
fedora-mi...@lists.fedoraproject.org,
kti...@redhat.com, lfar...@lfarkas.org,
p...@city-fan.org, phra...@redhat.com,
rjo...@redhat.com
Buffer overflow vulnerabilities in functions png_get_PLTE/png_set_PLTE,
allowing remote attackers to cause DoS to application or have unspecified other
impact. These functions failed to check for an out-of-range palette when
reading or writing PNG files with a bit_depth less than 8. Some applications
might read the bit depth from the IHDR chunk and allocate memory for a 2^N
entry palette, while libpng can return a palette with up to 256 entries even
when the bit depth is less than 8.
Affected versions of libpng are before 1.0.64, 1.1.x and 1.2.x before 1.2.54,
1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19.
Upstream patches:
https://github.com/glennrp/libpng/commit/81f44665cce4cb1373f049a76f3904e981b7a766
https://github.com/glennrp/libpng/commit/a901eb3ce6087e0afeef988247f1a1aa208cb54d
https://github.com/glennrp/libpng/commit/1bef8e97995c33123665582e57d3ed40b57d5978
https://github.com/glennrp/libpng/commit/83f4c735c88e7f451541c1528d8043c31ba3b466
CVE assignment:
http://seclists.org/oss-sec/2015/q4/264
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=kwjqAGuHqm&a=cc_unsubscribe
_______________________________________________
mingw mailing list
mingw@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/mingw
