[Bug 1281756] New: CVE-2015-8126 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
bugzilla at redhat.com
bugzilla at redhat.com
Fri Nov 13 11:54:40 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1281756
Bug ID: 1281756
Summary: CVE-2015-8126 libpng: Buffer overflow vulnerabilities
in png_get_PLTE/png_set_PLTE functions
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team at redhat.com
Reporter: amaris at redhat.com
CC: drizt at land.ru, erik-fedora at vanpienbroek.nl,
fedora-mingw at lists.fedoraproject.org,
ktietz at redhat.com, lfarkas at lfarkas.org,
paul at city-fan.org, phracek at redhat.com,
rjones at redhat.com
Buffer overflow vulnerabilities in functions png_get_PLTE/png_set_PLTE,
allowing remote attackers to cause DoS to application or have unspecified other
impact. These functions failed to check for an out-of-range palette when
reading or writing PNG files with a bit_depth less than 8. Some applications
might read the bit depth from the IHDR chunk and allocate memory for a 2^N
entry palette, while libpng can return a palette with up to 256 entries even
when the bit depth is less than 8.
Affected versions of libpng are before 1.0.64, 1.1.x and 1.2.x before 1.2.54,
1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19.
Upstream patches:
https://github.com/glennrp/libpng/commit/81f44665cce4cb1373f049a76f3904e981b7a766
https://github.com/glennrp/libpng/commit/a901eb3ce6087e0afeef988247f1a1aa208cb54d
https://github.com/glennrp/libpng/commit/1bef8e97995c33123665582e57d3ed40b57d5978
https://github.com/glennrp/libpng/commit/83f4c735c88e7f451541c1528d8043c31ba3b466
CVE assignment:
http://seclists.org/oss-sec/2015/q4/264
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=kwjqAGuHqm&a=cc_unsubscribe
More information about the mingw
mailing list