Advisories » MGASA-2015-0008

Updated libpng packages fix CVE-2014-9495

Publication date: 07 Jan 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9495

Description

Updated libpng packages fix security vulnerability:

libpng versions 1.6.9 through 1.6.15 have an integer-overflow vulnerability
in png_combine_row() when decoding very wide interlaced images, which can
allow an attacker to overwrite an arbitrary amount of memory with arbitrary
(attacker-controlled) data (CVE-2014-9495).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14960
• http://www.libpng.org/pub/png/libpng.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9495

SRPMS

4/core

• libpng-1.6.16-1.mga4