Date: Sat, 14 Nov 2015 21:21:17 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 204551] graphics/png: buffer overflows in libpng 1.6.18 Message-ID: <bug-204551-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204551 Bug ID: 204551 Summary: graphics/png: buffer overflows in libpng 1.6.18 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: portmgr@FreeBSD.org Reporter: walter@lifeforms.nl Assignee: portmgr@FreeBSD.org Flags: maintainer-feedback?(portmgr@FreeBSD.org) "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng [...] before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image." https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8126 http://www.openwall.com/lists/oss-security/2015/11/12/2 Assuming it might be usable for exploitation, I would recommend bumping the port soon. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-204551-13>