pngcheck 3.0.3 published 2021
Bug #1960400 reported by
Thees Ullmann
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| pngcheck (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Having discovered pngcheck lately, I suggest updating this package before the next Ubuntu LTS release. The envisaged pngcheck version for Ubuntu 22.04 seems to be 3.02 (https:/
Thank you!
| tags: | added: upgrade-software-version |
Revision history for this message
| Andrew Aitchison (werdnakendal) wrote | #1 |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in pngcheck (Ubuntu): | |
| status: | New → Confirmed |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in pngcheck (Ubuntu): | |
| status: | Confirmed → Fix Released |
To post a comment you must log in.
According to http://
Vulnerability Warning
pngcheck versions 3.0.2 and earlier have a divide-by-zero bug when zlib-decoding interlaced PNGs with extra data beyond what is required for the declared image dimensions. This bug is fixed in version 3.0.3, released on 25 April 2021. Again, while all known vulnerabilities are fixed in this version, the code is quite crufty, so it would be safest to assume there are still some problems hidden in there. As always, use at your own risk.