Wind River Support Network

HomeDefectsLIN6-10785
Fixed

LIN6-10785 : Security Advisory - libpng - CVE-2015-8472

Created: Jan 27, 2016    Updated: Dec 3, 2018
Resolved Date: Feb 3, 2016
Previous ID: SCP6-663
Found In Version: 6.0.0.27
Fix Version: 6.0.0.28
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8472

Other Downloads


Live chat
Online