Advisories ยป MGASA-2015-0451

Updated libpng/libpng12 packages fix security vulnerability

Publication date: 19 Nov 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8126

Description

Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions
in libpng before 1.6.19 allow remote attackers to cause a denial of
service (application crash) or possibly have unspecified other impact via
a small bit-depth value in an IHDR (aka image header) chunk in a PNG image
(CVE-2015-8126).

This issue also affected libpng 1.2 before 1.2.54.  The libpng and
libpng12 packages have been updated to versions 1.6.19 and 1.2.54,
respectively, fixing this issue.
                

References

SRPMS

5/core