Advisories » MGASA-2015-0417

Updated libpng12 package fixes security vulnerability

Publication date: 30 Oct 2015
Modification date: 30 Oct 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-7981

Description

An out-of-bounds read in png_convert_to_rfc1123() in png.c in libpng
1.2.x before 1.2.54 could potentially be exploited by a crafted PNG
file to leak information from an application's memory (CVE-2015-7981).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17022
• http://openwall.com/lists/oss-security/2015/10/26/3
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7981

SRPMS

5/core

• libpng12-1.2.52-1.1.mga5