1667127 – (CVE-2019-6129) CVE-2019-6129 libpng: memory leak of png_info struct in pngcp.c

Bug 1667127 (CVE-2019-6129) - CVE-2019-6129 libpng: memory leak of png_info struct in pngcp.c

Summary: CVE-2019-6129 libpng: memory leak of png_info struct in pngcp.c

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2019-6129
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1667152 1667153 1667154 1667155 1667156 1667157 1667158
Blocks:	1667132
TreeView+	depends on / blocked

Reported:	2019-01-17 14:20 UTC by Dhananjay Arunesh
Modified:	2019-09-29 15:05 UTC (History)
CC List:	15 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A memory leak was found in the pngcp.c utility of libpng. The pngcp utility fails to free the png_info structure allocated by png_create_info_struct before exiting.
Clone Of:
Environment:
Last Closed:	2019-06-10 10:46:02 UTC
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2019-01-17 14:20:19 UTC

There is a memory leak in the pngcp.c in libpng 1.6.36.  A call to function png_create_info_struct is not paired with a call to png_destroy_info_struct.


Upstream Issue:
https://github.com/glennrp/libpng/issues/269

Comment 1 Laura Pardo 2019-01-17 15:13:44 UTC

Created libpng tracking bugs for this issue:

Affects: fedora-all [bug 1667152]


Created libpng10 tracking bugs for this issue:

Affects: epel-6 [bug 1667157]
Affects: fedora-all [bug 1667154]


Created libpng12 tracking bugs for this issue:

Affects: fedora-all [bug 1667155]


Created libpng15 tracking bugs for this issue:

Affects: fedora-all [bug 1667156]


Created mingw-libpng tracking bugs for this issue:

Affects: epel-7 [bug 1667158]
Affects: fedora-all [bug 1667153]

Comment 2 Doran Moppert 2019-01-23 06:27:40 UTC

This CVE is for contrib/pngcp failing to free a single struct before exiting.  This is not a security issue.  I expect the discussion on upstream issue tracker will lead to this CVE being rejected.

Comment 3 Paul Howarth 2019-01-23 09:40:51 UTC

It's also worth noting that pngcp.c was only shipped with libpng from version 1.6.24 onwards, so older versions did not have this code, let alone build and package it.

Note You need to log in before you can comment on or make changes to this bug.