buffer overflows in libpng (CVE-2015-8126)

Bug #1516651 reported by Walter Hop
Affects          Status  Importance  Assigned to  Milestone
libpng (Ubuntu)  New     Undecided   Unassigned

Bug Description

"Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image."

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8126

http://www.openwall.com/lists/oss-security/2015/11/12/2

It seems that the used libpng versions are vulnerable to buffer overflow (possibly even RCE) and I would recommend patching them.

If I got this wrong I apologize -- Relative Ubuntu newbie here. :)

Walter Hop (lifeforms)
description: updated
information type: Private Security → Public Security
This report contains Public Security information  
Everyone can see this security related information.
