Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow. Reference and upstream commit: https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285
Created pngquant tracking bugs for this issue: Affects: epel-all [bug 1851969]
pngquant-2.7.2-3.el7 is available on epel7 and have the commit mention [1] why this bug was opened ? Thank you [1] https://github.com/kornelski/pngquant/compare/2.7.1...2.7.2
sergio, the bz#1851969 was opened to track EPEL6, EPEL7 and EPEL8, EPEL6 shipped an affected version, but since EPEL6 is EOL and EPEL7 and EPEL8 is not affected feel free to close the bz#1851969. Thanks.