https://bugzilla.redhat.com/show_bug.cgi?id=1291312
Bug ID: 1291312
Summary: CVE-2015-8540 libpng: underflow read in
png_check_keyword()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected],
[email protected],
[email protected], [email protected],
[email protected], [email protected],
[email protected], [email protected]
An underflow read was found in png_check_keyword in pngwutil.c in
libpng-1.2.54:
If the data of "key" is only ' ' (0x20), it will read a byte before the buffer
in line 1288.
This issue impacts upstream versions 1.2.55, 1.0.65, 1.4.18, and 1.5.25 of
libpng.
An attacker could possibly use this flaw to cause an out-of-bounds read by
tricking an unsuspecting user into processing a specially crafted PNG image.
CVE assignment:
http://seclists.org/oss-sec/2015/q4/469
Upstream issue:
http://sourceforge.net/p/libpng/bugs/244/
Upstream patch:
http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=qQrX6Dct1p&a=cc_unsubscribe
_______________________________________________
mingw mailing list
[email protected]
http://lists.fedoraproject.org/admin/lists/[email protected]
