libpng: multiple issues

2015-11-17T00:00:00
ID ASA-201511-9
Type archlinux
Reporter Arch Linux
Modified 2015-11-17T00:00:00

Description

  • CVE-2015-7981 (out-of-bounds read)

This is an array indexing error, which can lead to an out-of-bounds read of a static buffer. The result is now unsigned (no longer negative, but now a huge positive number).

  • CVE-2015-8126 (arbitrary code execution)

Buffer overflow vulnerabilities in functions png_get_PLTE/png_set_PLTE, allowing remote attackers to cause DoS to application or have unspecified other impact. These functions failed to check for an out-of-range palette when reading or writing PNG files with a bit_depth less than 8. Some applications might read the bit depth from the IHDR chunk and allocate memory for a 2^N entry palette, while libpng can return a palette with up to 256 entries even when the bit depth is less than 8.