https://bugzilla.redhat.com/show_bug.cgi?id=1291312
Bug ID: 1291312
Summary: CVE-2015-8540 libpng: underflow read in png_check_keyword()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mprpic(a)redhat.com
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
paul(a)city-fan.org, phracek(a)redhat.com,
rdieter(a)math.unl.edu, rjones(a)redhat.com
An underflow read was found in png_check_keyword in pngwutil.c in
libpng-1.2.54:
If the data of "key" is only ' ' (0x20), it will read a byte before the
buffer in line 1288.
This issue impacts upstream versions 1.2.55, 1.0.65, 1.4.18, and 1.5.25 of
libpng.
An attacker could possibly use this flaw to cause an out-of-bounds read by
tricking an unsuspecting user into processing a specially crafted PNG image.
CVE assignment:
http://seclists.org/oss-sec/2015/q4/469
Upstream issue:
http://sourceforge.net/p/libpng/bugs/244/
Upstream patch:
http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b8...
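
The failure mode described above, as an added example that is not part of the original report and is not libpng source: it assumes the read happens in a loop that strips trailing spaces from the keyword (the report does not quote the code). The names `trim_unchecked`, `trim_checked`, `GUARD` and `KEY_MAX` are hypothetical, and the guard bytes stand in for whatever memory precedes the real buffer.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not libpng source. The keyword is copied to arena[GUARD..];
 * arena[0..GUARD-1] stands in for whatever memory precedes the real buffer, so
 * the out-of-bounds reads can be counted without undefined behaviour. */
#define GUARD   4
#define KEY_MAX 80

struct trim_result {
    size_t new_len;      /* keyword length after trimming */
    int    reads_before; /* reads that landed below the keyword's first byte */
};

/* Trailing-space trim whose only stop condition is "byte is not a space". */
static struct trim_result trim_unchecked(const char *key, size_t len, char guard_fill)
{
    char arena[GUARD + KEY_MAX];
    struct trim_result r = { 0, 0 };
    long i;

    if (len > KEY_MAX) len = KEY_MAX;
    memset(arena, guard_fill, GUARD);
    memcpy(arena + GUARD, key, len);
    r.new_len = len;
    for (i = (long)len - 1; i >= -GUARD; i--) {   /* -GUARD: model limit only */
        if (i < 0) r.reads_before++;              /* read outside the keyword */
        if (arena[GUARD + i] != ' ') break;
        if (i >= 0) r.new_len--;
    }
    return r;
}

/* Hardened trim: the length is tested before every read, so key[-1] is never touched. */
static size_t trim_checked(char *key, size_t len)
{
    while (len > 0 && key[len - 1] == ' ')
        key[--len] = '\0';
    return len;
}

int main(void)
{
    char only_space[] = " ";   /* constructed input: keyword is a single 0x20 */
    struct trim_result r = trim_unchecked(" ", 1, 'X');
    printf("unchecked: %d read(s) before the buffer\n", r.reads_before);
    printf("checked:   new length %zu\n", trim_checked(only_space, 1));
    return 0;
}
```

With a non-space byte in front of the keyword the unchecked loop stops after one out-of-bounds read; if the preceding bytes happen to be spaces it keeps walking backwards, which is why the length test has to come before the dereference.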