Bug 1667127 (CVE-2019-6129) - CVE-2019-6129 libpng: memory leak of png_info struct in pngcp.c
Summary: CVE-2019-6129 libpng: memory leak of png_info struct in pngcp.c
Status: CLOSED NOTABUG
Alias: CVE-2019-6129
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20190111,reported=2...
Keywords: Security
Depends On: 1667153 1667158 1667152 1667154 1667155 1667156 1667157
Blocks: 1667132
TreeView+ depends on / blocked
 
Reported: 2019-01-17 14:20 UTC by Dhananjay Arunesh
Modified: 2019-06-11 11:13 UTC (History)
15 users (show)

(edit)
A memory leak was found in the pngcp.c utility of libpng. The pngcp utility fails to free the png_info structure allocated by png_create_info_struct before exiting.
Clone Of:
(edit)
Last Closed: 2019-06-10 10:46:02 UTC


Attachments (Terms of Use)

Description Dhananjay Arunesh 2019-01-17 14:20:19 UTC
There is a memory leak in the pngcp.c in libpng 1.6.36.  A call to function png_create_info_struct is not paired with a call to png_destroy_info_struct.


Upstream Issue:
https://github.com/glennrp/libpng/issues/269

Comment 1 Laura Pardo 2019-01-17 15:13:44 UTC
Created libpng tracking bugs for this issue:

Affects: fedora-all [bug 1667152]


Created libpng10 tracking bugs for this issue:

Affects: epel-6 [bug 1667157]
Affects: fedora-all [bug 1667154]


Created libpng12 tracking bugs for this issue:

Affects: fedora-all [bug 1667155]


Created libpng15 tracking bugs for this issue:

Affects: fedora-all [bug 1667156]


Created mingw-libpng tracking bugs for this issue:

Affects: epel-7 [bug 1667158]
Affects: fedora-all [bug 1667153]

Comment 2 Doran Moppert 2019-01-23 06:27:40 UTC
This CVE is for contrib/pngcp failing to free a single struct before exiting.  This is not a security issue.  I expect the discussion on upstream issue tracker will lead to this CVE being rejected.

Comment 3 Paul Howarth 2019-01-23 09:40:51 UTC
It's also worth noting that pngcp.c was only shipped with libpng from version 1.6.24 onwards, so older versions did not have this code, let alone build and package it.


Note You need to log in before you can comment on or make changes to this bug.