libpng: Incomplete fix for CVE-2015-8126 (CVE-2015-8472)
It was discovered that the original fix for CVE-2015-8126 was incomplete and did not detect a potential overrun by applications using png_set_PLTE directly. A remote attacker can take advantage of this flaw to cause a denial of service (application crash).
Use CVE-2015-8472 for this remaining problem that existed in 1.6.19.
Fixed in 1.6.20.
References:
https://marc.info/?l=oss-security&m=144929077710907&w=2
https://bugzilla.novell.com/show_bug.cgi?id=CVE-2015-8472
(from redmine: issue id 5019, created on 2016-01-14, closed on 2016-01-29)
- Relations:
- child #5020 (closed)
- child #5021 (closed)
- child #5022 (closed)
- child #5023 (closed)