Bug 1851968 (CVE-2016-5735)

Summary: CVE-2016-5735 pngquant: integer overflow in the rwpng_read_image24_libpng function in rwpng.c
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: besser82, sergio
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-12-01 05:25:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1851969    
Bug Blocks:    

Description Guilherme de Almeida Suckevicz 2020-06-29 14:29:19 UTC 
Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow.

Reference and upstream commit:
https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285
Comment 1 Guilherme de Almeida Suckevicz 2020-06-29 14:29:34 UTC 
Created pngquant tracking bugs for this issue:

Affects: epel-all [bug 1851969]
Comment 2 Sergio Basto 2020-06-30 16:55:28 UTC 
pngquant-2.7.2-3.el7 is available on epel7 and have the commit mention [1] why this bug was opened ? 

Thank you  

[1]

https://github.com/kornelski/pngquant/compare/2.7.1...2.7.2
Comment 3 Guilherme de Almeida Suckevicz 2020-12-02 14:18:24 UTC 
sergio, the bz#1851969 was opened to track EPEL6, EPEL7 and EPEL8, EPEL6 shipped an affected version, but since EPEL6 is EOL and EPEL7 and EPEL8 is not affected feel free to close the bz#1851969.

Thanks.