Bug 1851968 (CVE-2016-5735) - CVE-2016-5735 pngquant: integer overflow in the rwpng_read_image24_libpng function in rwpng.c
Summary: CVE-2016-5735 pngquant: integer overflow in the rwpng_read_image24_libpng fun...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2016-5735
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1851969
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-06-29 14:29 UTC by Guilherme de Almeida Suckevicz
Modified: 2020-12-02 14:18 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-12-01 05:25:41 UTC
Embargoed:

Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-06-29 14:29:19 UTC 
Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow.

Reference and upstream commit:
https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285
Comment 1 Guilherme de Almeida Suckevicz 2020-06-29 14:29:34 UTC 
Created pngquant tracking bugs for this issue:

Affects: epel-all [bug 1851969]
Comment 2 Sergio Basto 2020-06-30 16:55:28 UTC 
pngquant-2.7.2-3.el7 is available on epel7 and have the commit mention [1] why this bug was opened ? 

Thank you  

[1]

https://github.com/kornelski/pngquant/compare/2.7.1...2.7.2
Comment 3 Guilherme de Almeida Suckevicz 2020-12-02 14:18:24 UTC 
sergio, the bz#1851969 was opened to track EPEL6, EPEL7 and EPEL8, EPEL6 shipped an affected version, but since EPEL6 is EOL and EPEL7 and EPEL8 is not affected feel free to close the bz#1851969.

Thanks.
Note You need to log in before you can comment on or make changes to this bug.