Описание
Security update for libpng12-0
This update for libpng12-0 fixes the following issues:
Security issues fixed:
- CVE-2015-8540: read underflow in libpng (bsc#958791)
- CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2017:0901-1
- E-Mail link for SUSE-SU-2017:0901-1
- SUSE Security Ratings
- SUSE Bug 1017646
- SUSE Bug 958791
- SUSE CVE CVE-2015-8540 page
- SUSE CVE CVE-2016-10087 page
Описание
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
Затронутые продукты
Ссылки
- CVE-2015-8540
- SUSE Bug 1149680
- SUSE Bug 958791
- SUSE Bug 963937
Описание
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
Затронутые продукты
Ссылки
- CVE-2016-10087
- SUSE Bug 1017646
- SUSE Bug 1149680