oss-sec mailing list archives

Re: Status of CVE-2015-8126: libpng buffer overflow in png_set_PLTE


From: cve-assign () mitre org
Date: Fri, 4 Dec 2015 23:45:50 -0500 (EST)

The patch was incomplete.  While it defended against the potential overrun
while reading PNG files, it did not detect a potential overrun by
applications using png_set_PLTE directly.  Libpng versions 1.6.20, 1.5.25,
1.4.18, 1.2.55, and 1.0.65 which were released today, December 3, 2015, fix
this remaining problem.

Use CVE-2015-8472 for this remaining problem that existed
in 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]