[libpng/f19] Fix: #1056854 Unhandled zero-length PLTE chunk or NULL palette (CVE-2013-6954)

Petr Hracek phracek at fedoraproject.org
Mon May 26 11:37:42 UTC 2014 

commit 76e88e95a481171543ed2edde57a18487544c115
Author: Petr Hracek <phracek at redhat.com>
Date:   Mon May 26 13:26:54 2014 +0200

    Fix: #1056854 Unhandled zero-length PLTE chunk or NULL palette (CVE-2013-6954)

 libpng-CVE-2013-6954.patch |   27 +++++++++++++++++++++++++++
 libpng.spec                |    8 ++++++--
 2 files changed, 33 insertions(+), 2 deletions(-)
---
diff --git a/libpng-CVE-2013-6954.patch b/libpng-CVE-2013-6954.patch
new file mode 100644
index 0000000..e832a76
--- /dev/null
+++ b/libpng-CVE-2013-6954.patch
@@ -0,0 +1,27 @@
+diff --git a/pngrtran.c b/pngrtran.c
+index 5c6bbd3..fa46280 100644
+--- a/pngrtran.c
++++ b/pngrtran.c
+@@ -1942,6 +1942,9 @@ png_read_transform_info(png_structrp png_ptr, png_inforp info_ptr)
+ 
+          info_ptr->bit_depth = 8;
+          info_ptr->num_trans = 0;
++
++         if (png_ptr->palette == NULL)
++            png_error (png_ptr, "Palette is NULL in indexed image");
+       }
+       else
+       {
+diff --git a/pngset.c b/pngset.c
+index 7e355d1..9ed2de9 100644
+--- a/pngset.c
++++ b/pngset.c
+@@ -527,7 +527,7 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr,
+ #        endif
+       ))
+    {
+-      png_chunk_report(png_ptr, "Invalid palette", PNG_CHUNK_ERROR);
++      png_error(png_ptr, "Invalid palette");
+       return;
+    }
+ 
diff --git a/libpng.spec b/libpng.spec
index fd315bd..ea64320 100644
--- a/libpng.spec
+++ b/libpng.spec
@@ -2,7 +2,7 @@ Summary: A library of functions for manipulating PNG image format files
 Name: libpng
 Epoch: 2
 Version: 1.5.13
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: zlib
 Group: System Environment/Libraries
 URL: http://www.libpng.org/pub/png/
@@ -89,6 +89,10 @@ rm -rf $RPM_BUILD_ROOT%{_libdir}/*.la
 %{_libdir}/libpng*.a
 
 %changelog
+* Mon May 26 2014 Petr Hracek <phracek at redhat.com> - 2:1.5.13-3
+- unhandled zero-length PLTE chunk or NULL palette (CVE-2013-6954) 
+Related: #1056854
+
 * Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2:1.5.13-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
 
@@ -417,7 +421,7 @@ Resolves: #226038
 * Sun Sep  3 2000 Florian La Roche <Florian.LaRoche at redhat.de>
 - only include the man5 man-pages once in the main rpm
 
-* Thu Jul 28 2000 Preston Brown <pbrown at redhat.com>
+* Thu Jul 27 2000 Preston Brown <pbrown at redhat.com>
 - upgrade to 1.0.8 - fixes small memory leak, other bugs
 
 * Thu Jul 13 2000 Prospector <bugzilla at redhat.com>

More information about the scm-commits mailing list