Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 10 Jan 2015 15:14:48 -0500 (EST)
From: cve-assign@...re.org
To: endeavor <endeavor@...nbowsandpwnies.com>
cc: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Re: CVE Request: libpng 1.6.15 Heap Overflow


On Fri, 9 Jan 2015, endeavor wrote:

> I thought it might be helpful to add some additional clarity to this bug.
> There were two bugs patched in the latest updates to libpng. The first bug is 
> an overflow in png_read_IDAT_data, and is triggerable due to checks on image 
> width that were removed a while ago in libpng branches 1.6.x and 1.5.x. This 
> is the bug against which the following write up applies: 
> http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt .
> While fixing this bug, John Bowler found a second, unrelated overflow in 
> png_combine_row. His mailing list post on that bug is found here: 
> http://sourceforge.net/p/png-mng/mailman/message/33172831/ . It looks like 
> CVE-2014-9495 was assigned against this bug, but attributed to me by 
> accident.

Thank you for clarifying.

CVE-2014-9495 remains associated with the png_combine_row() issue found by 
John Bowler.  We will update its description and references if needed.

Use CVE-2015-0973 for the png_read_IDAT_data/png_handle_IHDR issue.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.