1382656 – libpng: Out of bounds write in png_write_row

Bug 1382656 - libpng: Out of bounds write in png_write_row

Summary: libpng: Out of bounds write in png_write_row

Keywords:
Status:	CLOSED DUPLICATE of bug 1312337
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	CVE-2016-9082 1382657 1382658 1382659 1382660 1382661 1382662 1382663
Blocks:	1382664
TreeView+	depends on / blocked

Reported:	2016-10-07 10:28 UTC by Adam Mariš
Modified:	2019-09-29 13:57 UTC (History)
CC List:	25 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2016-10-13 10:17:21 UTC
Embargoed:

Attachments	(Terms of Use)

Description Adam Mariš 2016-10-07 10:28:52 UTC

An OOB write vulnerability was found in png_write_row in libpng caused by librsvg and cairo triggered by specially crafted SVG file.

It's not yet known if the actual bug lies in libpng, or cairo or librsvg.

Published via:

http://seclists.org/oss-sec/2016/q4/44

Comment 1 Adam Mariš 2016-10-07 10:30:44 UTC

Created libpng tracking bugs for this issue:

Affects: fedora-all [bug 1382657]

Comment 2 Adam Mariš 2016-10-07 10:31:03 UTC

Created libpng10 tracking bugs for this issue:

Affects: fedora-all [bug 1382658]
Affects: fedora-all [bug 1382659]
Affects: epel-6 [bug 1382662]

Comment 3 Adam Mariš 2016-10-07 10:31:20 UTC

Created libpng15 tracking bugs for this issue:

Affects: fedora-all [bug 1382660]

Comment 4 Adam Mariš 2016-10-07 10:31:36 UTC

Created mingw-libpng tracking bugs for this issue:

Affects: fedora-all [bug 1382661]
Affects: epel-7 [bug 1382663]

Comment 5 Doran Moppert 2016-10-10 06:06:39 UTC

This is bug 1312341.  Adam, I think this should be closed as a dup - can you confirm?  Perhaps check with Stefan?

Comment 6 Adam Mariš 2016-10-10 07:49:06 UTC

(In reply to Doran Moppert from comment #5)
> This is bug 1312341.  Adam, I think this should be closed as a dup - can you
> confirm?  Perhaps check with Stefan?

Thanks for noticing! It looks pretty much it, I asked reporter to confirm.

Comment 7 Adam Mariš 2016-10-13 10:17:21 UTC


*** This bug has been marked as a duplicate of bug 1312337 ***

Note You need to log in before you can comment on or make changes to this bug.

anemec
bmcclain
cfergeau
dblechte
dmoppert
drizt72
eedri
erik-fedora
gklein
ktietz
lsurette
mgoldboi
michal.skrivanek
nforro
paul
phracek
rbalakri
rh-spice-bugs
rjones
sardella
sherold
slawomir
srevivo
ykaul
ylavi