[v3.0] libpng: heap overflow (CVE-2014-9495, CVE-2015-0973)
CVE-2014-9495:
Heap-based buffer overflow in the png_combine_row function in libpng
before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems,
might allow context-dependent attackers to execute arbitrary code via a
“very wide interlaced” PNG image.
• MLIST:[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow
• URL: http://www.openwall.com/lists/oss-security/2015/01/04/3
• MLIST:[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available
• URL: http://sourceforge.net/p/png-mng/mailman/message/33173461/
• MLIST:[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow
• URL: http://www.openwall.com/lists/oss-security/2015/01/10/1
• MLIST:[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow
• URL: http://www.openwall.com/lists/oss-security/2015/01/10/3
• MLIST:[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available
• URL: http://sourceforge.net/p/png-mng/mailman/message/33172831/
• BID:71820
• URL: http://www.securityfocus.com/bid/71820
• SECTRACK:1031444
• URL: http://www.securitytracker.com/id/1031444
CVE-2015-0973:
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in
libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent
attackers to execute arbitrary code via IDAT data with a large width, a
different vulnerability than CVE-2014-9495.
• MLIST:[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow
• URL: http://www.openwall.com/lists/oss-security/2015/01/10/1
• MLIST:[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow
• URL: http://www.openwall.com/lists/oss-security/2015/01/10/3
• MLIST:[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available
• URL: http://sourceforge.net/p/png-mng/mailman/message/33173461/
• MISC: http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt
(from redmine: issue id 3851, created on 2015-02-02, closed on 2015-02-04)
- Relations:
- parent #3848 (closed)
- Changesets:
- Revision f7af94eb by Natanael Copa on 2015-02-02T11:26:32Z:
main/libpng: security upgrade to 1.6.16 (CVE-2014-9495,CVE-2015-0973)
fixes #3851
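An added triage sketch (not code from libpng, the advisories, or this tracker) that encodes the two-branch affected range quoted in both CVE descriptions and reads a PNG's IHDR so wide or wide-interlaced files can be held back on hosts still running an affected libpng. The `WIDE` cut-off, the function names, the result strings and the treatment of `rc` builds as pre-release are assumptions; the sample header is constructed.

```python
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
WIDE = 1_000_000  # assumed triage cut-off; the advisories give no number

def libpng_affected(version):
    """'before 1.5.21 and 1.6.x before 1.6.16', as worded in the CVE text."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(.*)", version.strip())
    if not m:
        raise ValueError(f"unparseable libpng version: {version!r}")
    key = tuple(int(g) for g in m.group(1, 2, 3))
    # Assumption: alpha/beta/rc builds sort before the release they precede.
    pre = re.match(r"(alpha|beta|rc)", m.group(4)) is not None
    # The 1.6 branch has its own fixed release; everything else compares to 1.5.21.
    fixed = (1, 6, 16) if key[:2] == (1, 6) else (1, 5, 21)
    return key < fixed or (key == fixed and pre)

def read_ihdr(data):
    """Return (width, height, interlace) from a PNG's leading IHDR chunk."""
    if len(data) < 33 or data[:8] != PNG_SIG or data[8:16] != b"\x00\x00\x00\rIHDR":
        raise ValueError("not a PNG with a 13-byte leading IHDR")
    if struct.unpack(">I", data[29:33])[0] != zlib.crc32(data[12:29]):
        raise ValueError("IHDR CRC mismatch")
    width, height, _depth, _ctype, _comp, _filt, interlace = struct.unpack(
        ">IIBBBBB", data[16:29])
    return width, height, interlace

def triage(data, libpng_version):
    """Classify one file for a host running the given libpng version."""
    if not libpng_affected(libpng_version):
        return "ok: libpng fixed"
    width, _height, interlace = read_ihdr(data)
    if width >= WIDE:
        # Interlaced matches CVE-2014-9495; large width alone matches CVE-2015-0973.
        return "hold: wide interlaced" if interlace == 1 else "hold: wide"
    return "pass: below cut-off"

def sample_header(width, interlace):
    """Constructed 33-byte sample: signature plus IHDR only, no image data."""
    body = b"IHDR" + struct.pack(">IIBBBBB", width, 1, 8, 0, 0, 0, interlace)
    return PNG_SIG + struct.pack(">I", 13) + body + struct.pack(">I", zlib.crc32(body))
```

The fix recorded in this issue is the upgrade to 1.6.16; a header check like this is only an interim filter for hosts that cannot be upgraded yet.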