oss-sec mailing list archives
CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)
From: xiaoqixue_1 <xiaoqixue_1 () 163 com>
Date: Thu, 10 Dec 2015 22:04:02 +0800 (CST)
There is an underflow read in png_check_keyword in pngwutil.c in libpng-1.2.54, which was found by XiaoQixue and ChenYu. If the data of "key" is only ' ' (0x20), it will read a byte before the buffer in line 1288. It also impacts libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25. The details are as follows: https://sourceforge.net/p/libpng/bugs/244/
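The condition reported above, as an added example that is not part of the original post and is not libpng's source: it assumes the read comes from a loop that trims trailing spaces by walking a pointer left from the end of the key. The function names, the guard-byte harness and the sample keys are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unchecked pattern: walk left while the byte is a space. Nothing stops kp
 * at key[0], so an all-space key ends with a read of key[-1]. Returns 1 if
 * that read happened. Assumes *len >= 1 and an addressable byte before key. */
static size_t trim_unchecked(char *key, size_t *len)
{
    char *kp = key + *len - 1;
    for (;;) {
        char c = *kp;               /* the read in question */
        if (kp < key) return 1;     /* out of bounds: the demo stops here */
        if (c != ' ') return 0;
        *kp-- = '\0';
        (*len)--;
    }
}

/* Checked pattern: the length test runs before every read. */
static size_t trim_checked(char *key, size_t len)
{
    while (len > 0 && key[len - 1] == ' ')
        key[--len] = '\0';
    return len;
}

/* Constructed harness: guard byte 'G' precedes the key so the stray read
 * stays inside one array. Requires 1 <= strlen(s) <= 79. */
static size_t demo_unchecked(const char *s)
{
    char arena[81] = { 'G' };
    size_t len = strlen(s);
    memcpy(arena + 1, s, len + 1);
    return trim_unchecked(arena + 1, &len);
}

static size_t demo_checked(const char *s)
{
    char buf[80];
    size_t len = strlen(s);
    memcpy(buf, s, len + 1);
    return trim_checked(buf, len);
}

int main(void)
{
    printf("%zu %zu\n", demo_unchecked(" "), demo_checked(" "));
    return 0;
}
```

A key with any non-space byte stops the unchecked loop inside the buffer, which is why only the all-space input reaches the byte before it.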