CVE-2017-12652: libpng: does not check length of chunks
Bug #1902993 reported by
Ghada Khalil
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Michel Thebeau [WIND] |
Bug Description
CVE-2017-12652: libpng: does not check length of chunks
CVSSv2: 7.5 (AV:N/AC:
Description:
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
Up to (excluding) 1.6.32
References:
https:/
https:/
https:/
Required package version:
libpng-1.5.13-8.el7
CVE References
Changed in starlingx: | |
importance: | Medium → High |
To post a comment you must log in.
Applicable to stx master (aka stx.5.0) as well as stx.4.0.
The process is to address the CVE in stx master first and then cherrypick to the appropriate release branches after some soak time.