ArchLinux: 201701-4: libpng12: denial of service
Summary
A NULL-pointer dereference issue has been found in png_set_text_2() in libpng. To be vulnerable, an application has to load a text chunk into the png structure, then delete all text, then add another text chunk to the same png structure.
Resolution
Upgrade to 1.2.57-1.
# pacman -Syu "libpng12>=1.2.57-1"
The problem has been fixed upstream in version 1.2.57.
References
https://seclists.org/oss-sec/2016/q4/782 https://security.archlinux.org/CVE-2016-10087
Workaround
None.