Alerts This Week
Warning Icon 1 700
Alerts This Week
Warning Icon 1 700

Fedora 33 FEDORA-2021-674d704f6c Moderate: PNGCheck Buffer Overflow

fedora
Calendar Grey February 8, 2021
Dist Fedora Esm H88
Recent updates to pngcheck in Fedora 33 improve security measures, tackling significant vulnerabilities in the processing of image files.
Buffer overflow fixes: 1

Summary

pngcheck verifies the integrity of PNG, JNG and MNG files (by checking the

internal 32-bit CRCs [checksums] and decompressing the image data); it can

optionally dump almost all of the chunk-level information in the image in

human-readable form. For example, it can be used to print the basic statistics

about an image (dimensions, bit depth, etc.); to list the color and

transparency info in its palette (assuming it has one); or to extract the

embedded text annotations. This is a command-line program with batch

capabilities.

The current release supports all PNG, MNG and JNG chunks, including the newly

approved sTER stereo-layout chunk. It correctly reports errors in all but two

of the images in Chris Nokleberg's brokensuite-20061204.

Buffer overflow fixes: 1. Fix buffer overflow on large MNG LOOP chunk

(RHBZ#1908559). 2. Fix a buffer overrun for certain invalid MNG PPLT chunk

contents (RHBZ#1907428).

* Thu Jan 7 2021 Benjamin A. Beasley - 2.4.0-7

- Fix buffer overflow on large MNG LOOP chunk (RHBZ#1908559)

* Thu Jan 7 2021 Benjamin A. Beasley - 2.4.0-6

- Fix a buffer overrun for certain invalid MNG PPLT chunk contents

(RHBZ#1907428).

[ 1 ] Bug #1907428 - Private bug

https://bugzilla.redhat.com/show_bug.cgi?id=1907428

[ 2 ] Bug #1908559 - Private bug

https://bugzilla.redhat.com/show_bug.cgi?id=1908559

su -c 'dnf upgrade --advisory FEDORA-2021-674d704f6c' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory fedora update buffer overflow fix image integrity pngcheck

Change Log

References

Update Instructions

Product: Fedora 33
Version: 2.4.0
Release: 7.fc33
URL: http://www.libpng.org/pub/png/apps/pngcheck.html
Summary: Verifies the integrity of PNG, JNG and MNG files

Topics%20covered

Topics Covered

security advisory fedora update buffer overflow fix image integrity pngcheck

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here