[Bug 204551] graphics/png: buffer overflows in libpng 1.6.18
bugzilla-noreply at freebsd.org
Sat Nov 14 21:21:17 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204551
Bug ID: 204551
Summary: graphics/png: buffer overflows in libpng 1.6.18
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: portmgr at FreeBSD.org
Reporter: walter at lifeforms.nl
Flags: maintainer-feedback?(portmgr at FreeBSD.org)
"Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE
functions in libpng [...] before 1.6.19 allow remote attackers to cause a
denial of service (application crash) or possibly have unspecified other impact
via a small bit-depth value in an IHDR (aka image header) chunk in a PNG
image."
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8126
http://www.openwall.com/lists/oss-security/2015/11/12/2
Assuming it might be usable for exploitation, I would recommend bumping the
port soon.
--
You are receiving this mail because:
You are the assignee for the bug.
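An added triage example, not part of the bug report or of libpng: a scanner that flags PNG files whose PLTE chunk carries more entries than the IHDR bit depth can index. It assumes the condition in the quoted advisory corresponds to the PNG specification's rule that a color type 3 image may have at most 2^bit_depth palette entries; `oversized_palette` and `make_png` are hypothetical helper names, and the sample files are constructed.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
COLOR_TYPE_PALETTE = 3


def chunks(data):
    """Yield (type, body) for each chunk; raise ValueError on truncation."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if pos + 12 + length > len(data):
            raise ValueError("truncated chunk body")
        yield ctype, data[pos + 8:pos + 8 + length]
        pos += 12 + length  # length + type + body + CRC


def oversized_palette(data):
    """Return (entries, limit) if PLTE exceeds 2**bit_depth, else None."""
    bit_depth = color_type = None
    for ctype, body in chunks(data):
        if ctype == b"IHDR":
            if len(body) != 13:
                raise ValueError("bad IHDR length")
            bit_depth, color_type = body[8], body[9]
        elif ctype == b"PLTE":
            if bit_depth is None:
                raise ValueError("PLTE before IHDR")
            entries = len(body) // 3
            limit = 1 << bit_depth
            # Assumption: only palette-indexed images are bound by this limit.
            if color_type == COLOR_TYPE_PALETTE and entries > limit:
                return entries, limit
    return None


def make_png(bit_depth, palette_entries):
    """Constructed test input: IHDR + PLTE + IEND, no image data."""
    def chunk(ctype, body):
        crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", 1, 1, bit_depth, COLOR_TYPE_PALETTE, 0, 0, 0)
    return (PNG_SIG + chunk(b"IHDR", ihdr)
            + chunk(b"PLTE", bytes(3 * palette_entries)) + chunk(b"IEND", b""))
```

The scanner reads only chunk headers and the IHDR fields, so it can be run over untrusted uploads without handing them to an image decoder.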