Описание
Security update for libpng12
This update for libpng12 fixes the following issues:
Security issues fixed:
- CVE-2015-8540: read underflow in libpng (bsc#958791)
- CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.1
openSUSE Leap 42.2
Ссылки
- E-Mail link for openSUSE-SU-2017:0942-1
- SUSE Security Ratings
Описание
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
Затронутые продукты
Ссылки
- CVE-2015-8540
- SUSE Bug 1149680
- SUSE Bug 958791
- SUSE Bug 963937
Описание
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
Затронутые продукты
Ссылки
- CVE-2016-10087
- SUSE Bug 1017646
- SUSE Bug 1149680