oss-sec mailing list archives
Re: Status of CVE-2015-8126: libpng buffer overflow in png_set_PLTE
From: cve-assign () mitre org
Date: Fri, 4 Dec 2015 23:45:50 -0500 (EST)
The patch was incomplete. While it defended against the potential overrun while reading PNG files, it did not detect a potential overrun by applications using png_set_PLTE directly. Libpng versions 1.6.20, 1.5.25, 1.4.18, 1.2.55, and 1.0.65 which were released today, December 3, 2015, fix this remaining problem.
Use CVE-2015-8472 for this remaining problem that existed in 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- Status of CVE-2015-8126: libpng buffer overflow in png_set_PLTE Glenn Randers-Pehrson (Dec 03)
- Re: Status of CVE-2015-8126: libpng buffer overflow in png_set_PLTE cve-assign (Dec 04)