A crafted PNG image can lead to a segmentation fault and DoS in the png_setup_paeth_row() function.
Created java-latest-openjdk tracking bugs for this issue: Affects: epel-8 [bug 2142605]
Created libpng tracking bugs for this issue: Affects: fedora-all [bug 2142604]
Recent updates on the upstream bug show this CVE may be compiler-related: https://sourceforge.net/p/libpng/bugs/300/
I have asked the libpng maintainers and issue reporter to clarify if they believe this issue warrants a CVE: https://sourceforge.net/p/libpng/bugs/300/#49ea
I'm curious about that status change: `Assignee: security-response-team → nobody`. Does the CNA or Root email contact [0] track issues that Red Hat assigns CVEs to?
[0] https://www.cve.org/PartnerInformation/ListofPartners/partner/redhat