Bug 1382656 - libpng: Out of bounds write in png_write_row
Summary: libpng: Out of bounds write in png_write_row
Keywords:
Status: CLOSED DUPLICATE of bug 1312337
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: CVE-2016-9082 1382657 1382658 1382659 1382660 1382661 1382662 1382663
Blocks: 1382664
Reported: 2016-10-07 10:28 UTC by Adam Mariš
Modified: 2019-09-29 13:57 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2016-10-13 10:17:21 UTC
Embargoed:



Description Adam Mariš 2016-10-07 10:28:52 UTC
An OOB write vulnerability was found in png_write_row in libpng, caused by librsvg and cairo, triggered by a specially crafted SVG file.

It's not yet known if the actual bug lies in libpng, or cairo or librsvg.

Published via:

http://seclists.org/oss-sec/2016/q4/44

Comment 1 Adam Mariš 2016-10-07 10:30:44 UTC
Created libpng tracking bugs for this issue:

Affects: fedora-all [bug 1382657]

Comment 2 Adam Mariš 2016-10-07 10:31:03 UTC
Created libpng10 tracking bugs for this issue:

Affects: fedora-all [bug 1382658]
Affects: fedora-all [bug 1382659]
Affects: epel-6 [bug 1382662]

Comment 3 Adam Mariš 2016-10-07 10:31:20 UTC
Created libpng15 tracking bugs for this issue:

Affects: fedora-all [bug 1382660]

Comment 4 Adam Mariš 2016-10-07 10:31:36 UTC
Created mingw-libpng tracking bugs for this issue:

Affects: fedora-all [bug 1382661]
Affects: epel-7 [bug 1382663]

Comment 5 Doran Moppert 2016-10-10 06:06:39 UTC
This is bug 1312341.  Adam, I think this should be closed as a dup - can you confirm?  Perhaps check with Stefan?

Comment 6 Adam Mariš 2016-10-10 07:49:06 UTC
(In reply to Doran Moppert from comment #5)
> This is bug 1312341.  Adam, I think this should be closed as a dup - can you
> confirm?  Perhaps check with Stefan?

Thanks for noticing! It looks pretty much like it; I asked the reporter to confirm.

Comment 7 Adam Mariš 2016-10-13 10:17:21 UTC

*** This bug has been marked as a duplicate of bug 1312337 ***

