[Bug 1281756] New: CVE-2015-8126 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions

bugzilla at redhat.com bugzilla at redhat.com
Fri Nov 13 11:54:40 UTC 2015


https://bugzilla.redhat.com/show_bug.cgi?id=1281756

            Bug ID: 1281756
           Summary: CVE-2015-8126 libpng: Buffer overflow vulnerabilities
                    in png_get_PLTE/png_set_PLTE functions
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team at redhat.com
          Reporter: amaris at redhat.com
                CC: drizt at land.ru, erik-fedora at vanpienbroek.nl,
                    fedora-mingw at lists.fedoraproject.org,
                    ktietz at redhat.com, lfarkas at lfarkas.org,
                    paul at city-fan.org, phracek at redhat.com,
                    rjones at redhat.com



Buffer overflow vulnerabilities in the png_get_PLTE/png_set_PLTE functions
allow remote attackers to cause a DoS in the application or have unspecified
other impact. These functions failed to check for an out-of-range palette when
reading or writing PNG files with a bit_depth less than 8. Some applications
might read the bit depth from the IHDR chunk and allocate memory for a
2^N-entry palette, while libpng can return a palette with up to 256 entries
even when the bit depth is less than 8.

The affected versions of libpng are those before 1.0.64, 1.1.x and 1.2.x
before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x
before 1.6.19.

Upstream patches:

https://github.com/glennrp/libpng/commit/81f44665cce4cb1373f049a76f3904e981b7a766
https://github.com/glennrp/libpng/commit/a901eb3ce6087e0afeef988247f1a1aa208cb54d
https://github.com/glennrp/libpng/commit/1bef8e97995c33123665582e57d3ed40b57d5978
https://github.com/glennrp/libpng/commit/83f4c735c88e7f451541c1528d8043c31ba3b466

CVE assignment:

http://seclists.org/oss-sec/2015/q4/264
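
The mismatch described above (a PLTE chunk carrying more entries than the 2^bit_depth slots an application sized its palette for) can be checked on the raw file before any palette is copied. The following is an added example, not code from libpng, the upstream patches or the bug report; `plte_check`, `make_sample` and the `PLTE_*` names are hypothetical, chunk CRCs are not verified, and the sample input is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PLTE_OK = 0, PLTE_OVERSIZED = 1, PLTE_MALFORMED = -1 }; /* hypothetical names */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Compare the PLTE entry count with 2^bit_depth from IHDR; CRCs are not verified. */
int plte_check(const uint8_t *png, size_t len, unsigned *entries_out) {
    unsigned bit_depth = 0;
    size_t off = 8;
    if (len < 8 || memcmp(png, "\x89PNG\r\n\x1a\n", 8) != 0) return PLTE_MALFORMED;
    while (len - off >= 12) {                 /* length + type + CRC = 12 bytes */
        uint32_t clen = be32(png + off);
        const uint8_t *type = png + off + 4, *data = png + off + 8;
        if (clen > len - off - 12) return PLTE_MALFORMED;      /* truncated chunk */
        if (memcmp(type, "IHDR", 4) == 0) {
            if (clen != 13 || data[8] == 0 || data[8] > 16) return PLTE_MALFORMED;
            bit_depth = data[8];              /* byte 8 of IHDR data is the bit depth */
        } else if (memcmp(type, "PLTE", 4) == 0) {
            if (bit_depth == 0 || clen == 0 || clen % 3 || clen > 768) return PLTE_MALFORMED;
            if (entries_out) *entries_out = clen / 3;          /* 3 bytes per RGB entry */
            return clen / 3 > (1u << bit_depth) ? PLTE_OVERSIZED : PLTE_OK;
        }
        off += 12 + (size_t)clen;
    }
    return PLTE_OK;                           /* no PLTE chunk present */
}

/* Constructed sample (entries <= 256): signature, IHDR (1x1, palette), PLTE; CRCs zero. */
size_t make_sample(uint8_t *out, uint8_t bit_depth, unsigned entries) {
    size_t plte = (size_t)entries * 3;
    memset(out, 0, 45 + plte);
    memcpy(out, "\x89PNG\r\n\x1a\n", 8);
    out[11] = 13; memcpy(out + 12, "IHDR", 4);        /* IHDR length and type */
    out[19] = 1; out[23] = 1;                         /* width = height = 1 */
    out[24] = bit_depth; out[25] = 3;                 /* colour type 3 = palette */
    out[35] = (uint8_t)(plte >> 8); out[36] = (uint8_t)plte;   /* PLTE length */
    memcpy(out + 37, "PLTE", 4);
    return 45 + plte;                                 /* total bytes written */
}

int main(void) {
    uint8_t buf[1024]; unsigned n = 0;
    int r = plte_check(buf, make_sample(buf, 2, 5), &n);   /* 5 entries, 2^2 = 4 slots */
    printf("%u palette entries at bit depth 2 -> result %d\n", n, r);
    return 0;
}
```

A caller that sizes its palette buffer from the IHDR bit depth can reject or clamp on `PLTE_OVERSIZED` regardless of which libpng version is linked.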
