Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Mandriva 2015: 2015-9b7a6c038b Critical libjpeg8 Overflow Issue

fedora
Calendar Grey December 31, 2015
Dist Fedora Esm H88
An update to Fedora's libpng10 addresses a critical underflow issue that could lead to out-of-bounds reads when handling PNG images.
An underflow read was found in png_check_keyword in libpng10

Summary

The libpng10 package contains an old version of libpng, a library of functions

for creating and manipulating PNG (Portable Network Graphics) image format

files.

This package is needed if you want to run binaries that were linked dynamically

with libpng 1.0.x.

Update Information:

An underflow read was found in png_check_keyword in libpng10. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image.

Change Log

References


[ 1 ] Bug #1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword() https://bugzilla.redhat.com/show_bug.cgi?id=1291312

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update libpng10' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: libpng10
Product: Fedora 22
Version: 1.0.66
Release: 1.fc22
Summary: Old version of libpng, needed to run old binaries

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here