oss-sec mailing list archives
CVE request: libpng buffer overflow in png_set_PLTE
From: Glenn Randers-Pehrson <glennrp () gmail com>
Date: Thu, 12 Nov 2015 13:26:27 -0500
I request a CVE for a vulnerability in libpng, all versions, in the png_set_PLTE/png_get_PLTE functions. These functions failed to check for an out-of-range palette when reading or writing PNG files with a bit_depth less than 8. Some applications might read the bit depth from the IHDR chunk and allocate memory for a 2^N entry palette, while libpng can return a palette with up to 256 entries even when the bit depth is less than 8. libpng versions 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64 were released today (12 November 2015) to fix this vulnerability. See libpng.sourceforge.net regards, Glenn Randers-Pehrson libpng custodian
Current thread:
- CVE request: libpng buffer overflow in png_set_PLTE Glenn Randers-Pehrson (Nov 12)
- Re: CVE request: libpng buffer overflow in png_set_PLTE cve-assign (Nov 12)