[2.7] libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (CVE-2015-8126)
Multiple buffer overflows in the (1) png_set_PLTE and (2)
png_get_PLTE
functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x
and 1.4.x
before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote
attackers to cause
a denial of service (application crash) or possibly have unspecified
other impact via a small
bit-depth value in an IHDR (aka image header) chunk in a PNG image.
Fixed in:
1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64
References:
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-8126
http://www.openwall.com/lists/oss-security/2015/11/12/2
http://seclists.org/oss-sec/2015/q4/264
Upstream patches:
https://github.com/glennrp/libpng/commit/81f44665cce4cb1373f049a76f3904e981b7a766
https://github.com/glennrp/libpng/commit/a901eb3ce6087e0afeef988247f1a1aa208cb54d
https://github.com/glennrp/libpng/commit/1bef8e97995c33123665582e57d3ed40b57d5978
https://github.com/glennrp/libpng/commit/83f4c735c88e7f451541c1528d8043c31ba3b466
https://github.com/glennrp/libpng/commit/9f2ad4928e47036cf1ac9b8fe45a491f15be2324
(from redmine: issue id 4886, created on 2015-11-20, closed on 2015-11-30)
- Relations:
- parent #4882 (closed)
- Changesets:
- Revision 752496eb by Natanael Copa on 2015-11-30T14:04:34Z:
main/libpng: security upgrade to 1.6.19 (CVE-2015-8126)
fixes #4886