Advisories » MGASA-2015-0451

Updated libpng/libpng12 packages fix security vulnerability

Publication date: 19 Nov 2015
Modification date: 19 Nov 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8126

Description

Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions
in libpng before 1.6.19 allow remote attackers to cause a denial of
service (application crash) or possibly have unspecified other impact via
a small bit-depth value in an IHDR (aka image header) chunk in a PNG image
(CVE-2015-8126).

This issue also affected libpng 1.2 before 1.2.54.  The libpng and
libpng12 packages have been updated to versions 1.6.19 and 1.2.54,
respectively, fixing this issue.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17161
• http://openwall.com/lists/oss-security/2015/11/13/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126

SRPMS

5/core

• libpng-1.6.19-1.mga5
• libpng12-1.2.54-1.mga5