Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 12 Nov 2015 22:03:05 -0500 (EST)
From: cve-assign@...re.org
To: glennrp@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: libpng buffer overflow in png_set_PLTE

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> I request a CVE for a vulnerability in libpng, all versions, in the
> png_set_PLTE/png_get_PLTE functions.  These functions failed to check for
> an out-of-range palette when reading or writing PNG files with a bit_depth
> less than 8.  Some applications might read the bit depth from the IHDR
> chunk and allocate memory for a 2^N entry palette, while libpng can return
> a palette with up to 256 entries even when the bit depth is less than 8.

>> https://github.com/glennrp/libpng/blob/libpng16/CHANGES

Use CVE-2015-8126.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWRVIvAAoJEL54rhJi8gl5sPkQAKEY828dq1YZnIDjf8gSQldb
Bam8eRz0cVyxGo8sZ5oB+FTymMaBNGfccLBWY0XoS8WcGFYOOv1rBqIhvJrvyGm/
TsNXJJTqwe41rF1SQNOT6AwncJtsfXpPhMrCOvqw3s71dDMcxtyXkyQycry4V8Kt
IMBz++W50GC/KanDXjYnR+XTGddvU9hh9OytOZmGiroeArBn6D62KI0sBRFW1bzJ
q8ftTiV8wznang1xy8pFYaTTXK+UIOe23tVw6XAZAcpMXXF31g84SjbjULHEnS7G
Zc1m9MspDI0zo5LPVv0SZM5NpQ0H9KH7HsJ1JYY+qCqK72eUN6hnkMz2FKXqa6LA
Pj6Smng4WuPfROlse8QaM46Auk2qI6aJ3TvrfSnMiEiXuumSs3fSdAksvSO5ncvm
AbIlVmc/tBnw26wlP7Bi0YAMoLzlZACK2IemVwsHjd8r8KZZEQRGV0ofPB3TH2+i
AsmOWHdz3UQeFcOkK+KOk/gb41uDzr0tIt6u9PCc/H0mAV2b3DbF/l+dxHpg1VcO
ZHnc6pUTYZY4eWBnfSFhuL7f5qA2OlNsxMUIcLd1twtRFyAllr9d9cU5Ex05KeOJ
fgawhpJJ9zyq0fcwPitvCji+UpJher0GBrb/BLWufUbiYIVN+fUP/mDKf3zrJvAk
ncDbOaufQIwVUmXaH0iy
=K98Y
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ