First published: Wed Dec 09 2015(Updated: )
The libpng packages contain a library of functions for creating and<br>manipulating PNG (Portable Network Graphics) image format files.<br>It was discovered that the png_get_PLTE() and png_set_PLTE() functions of<br>libpng did not correctly calculate the maximum palette sizes for bit depths<br>of less than 8. In case an application tried to use these functions in<br>combination with properly calculated palette sizes, this could lead to a<br>buffer overflow or out-of-bounds reads. An attacker could exploit this to<br>cause a crash or potentially execute arbitrary code by tricking an<br>unsuspecting user into processing a specially crafted PNG image. However,<br>the exact impact is dependent on the application using the library.<br>(CVE-2015-8126, CVE-2015-8472)<br>An array-indexing error was discovered in the png_convert_to_rfc1123()<br>function of libpng. An attacker could possibly use this flaw to cause an<br>out-of-bounds read by tricking an unsuspecting user into processing a<br>specially crafted PNG image. (CVE-2015-7981)<br>All libpng users are advised to upgrade to these updated packages, which<br>contain backported patches to correct these issues.<br>
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/libpng | <1.2.49-2.el6_7 | 1.2.49-2.el6_7 |
redhat/libpng | <1.2.49-2.el6_7 | 1.2.49-2.el6_7 |
redhat/libpng-debuginfo | <1.2.49-2.el6_7 | 1.2.49-2.el6_7 |
redhat/libpng-debuginfo | <1.2.49-2.el6_7 | 1.2.49-2.el6_7 |
redhat/libpng-devel | <1.2.49-2.el6_7 | 1.2.49-2.el6_7 |
redhat/libpng-devel | <1.2.49-2.el6_7 | 1.2.49-2.el6_7 |
redhat/libpng-static | <1.2.49-2.el6_7 | 1.2.49-2.el6_7 |
redhat/libpng-static | <1.2.49-2.el6_7 | 1.2.49-2.el6_7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.