*** This bug is a duplicate of bug 1516592 ***
    https://bugs.launchpad.net/bugs/1516592

** Information type changed from Private Security to Public Security

** This bug has been marked a duplicate of bug 1516592
   Multiple buffer overflows

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libpng in Ubuntu.
https://bugs.launchpad.net/bugs/1516651

Title:
  buffer overflows in libpng (CVE-2015-8126)

Status in libpng package in Ubuntu:
  New

Bug description:
  "Multiple buffer overflows in the (1) png_set_PLTE and (2)
  png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before
  1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x
  before 1.6.19 allow remote attackers to cause a denial of service
  (application crash) or possibly have unspecified other impact via a
  small bit-depth value in an IHDR (aka image header) chunk in a PNG
  image."

  https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8126
  http://www.openwall.com/lists/oss-security/2015/11/12/2

  It seems that the used libpng versions are vulnerable to buffer
  overflow (possibly even RCE) and I would recommend patching them.

  If I got this wrong I apologize -- Relative Ubuntu newbie here. :)
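
Added example, not part of the bug report and not libpng code: a file-level check for the condition the CVE description names, a PLTE chunk carrying more entries than the IHDR bit depth can index. It assumes the PNG specification's rule that a colour type 3 image may have at most 2**bit_depth palette entries; all function names and the sample images are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype, data):
    """Serialize one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def sample_png(bit_depth, entries):
    """Constructed 1x1 palette image (colour type 3) with `entries` PLTE entries."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, bit_depth, 3, 0, 0, 0)
    return (PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"PLTE", bytes(3 * entries))
            + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b""))

def iter_chunks(png):
    """Yield (type, data) per chunk; stop quietly at a truncated chunk."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG stream")
    pos = len(PNG_SIG)
    while pos + 12 <= len(png):
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        end = pos + 8 + length
        if end + 4 > len(png):
            return
        yield png[pos + 4:pos + 8], png[pos + 8:end]
        pos = end + 4

def palette_findings(png):
    """Report PLTE chunks holding more entries than the IHDR bit depth allows."""
    findings, bit_depth, color_type = [], None, None
    for ctype, data in iter_chunks(png):
        if ctype == b"IHDR" and len(data) == 13:
            bit_depth, color_type = data[8], data[9]
        elif ctype == b"PLTE" and bit_depth is not None:
            entries = len(data) // 3
            # Colour type 3 indexes the palette with bit_depth-bit samples, so
            # at most 2**bit_depth entries are addressable; otherwise 256.
            limit = 1 << bit_depth if color_type == 3 and bit_depth <= 8 else 256
            if entries > limit:
                findings.append(f"PLTE has {entries} entries, bit depth "
                                f"{bit_depth} allows {limit}")
    return findings

if __name__ == "__main__":
    for depth, n in [(1, 2), (1, 4), (8, 256)]:
        print(depth, n, palette_findings(sample_png(depth, n)) or "ok")
```

A finding marks a file worth quarantining or re-encoding before it reaches an unpatched decoder; it does not replace upgrading libpng to one of the fixed versions listed in the description.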