|
Message-Id: <20151113030305.3273073C0B1@smtpvmsrv1.mitre.org> Date: Thu, 12 Nov 2015 22:03:05 -0500 (EST) From: cve-assign@...re.org To: glennrp@...il.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE request: libpng buffer overflow in png_set_PLTE -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > I request a CVE for a vulnerability in libpng, all versions, in the > png_set_PLTE/png_get_PLTE functions. These functions failed to check for > an out-of-range palette when reading or writing PNG files with a bit_depth > less than 8. Some applications might read the bit depth from the IHDR > chunk and allocate memory for a 2^N entry palette, while libpng can return > a palette with up to 256 entries even when the bit depth is less than 8. >> https://github.com/glennrp/libpng/blob/libpng16/CHANGES Use CVE-2015-8126. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWRVIvAAoJEL54rhJi8gl5sPkQAKEY828dq1YZnIDjf8gSQldb Bam8eRz0cVyxGo8sZ5oB+FTymMaBNGfccLBWY0XoS8WcGFYOOv1rBqIhvJrvyGm/ TsNXJJTqwe41rF1SQNOT6AwncJtsfXpPhMrCOvqw3s71dDMcxtyXkyQycry4V8Kt IMBz++W50GC/KanDXjYnR+XTGddvU9hh9OytOZmGiroeArBn6D62KI0sBRFW1bzJ q8ftTiV8wznang1xy8pFYaTTXK+UIOe23tVw6XAZAcpMXXF31g84SjbjULHEnS7G Zc1m9MspDI0zo5LPVv0SZM5NpQ0H9KH7HsJ1JYY+qCqK72eUN6hnkMz2FKXqa6LA Pj6Smng4WuPfROlse8QaM46Auk2qI6aJ3TvrfSnMiEiXuumSs3fSdAksvSO5ncvm AbIlVmc/tBnw26wlP7Bi0YAMoLzlZACK2IemVwsHjd8r8KZZEQRGV0ofPB3TH2+i AsmOWHdz3UQeFcOkK+KOk/gb41uDzr0tIt6u9PCc/H0mAV2b3DbF/l+dxHpg1VcO ZHnc6pUTYZY4eWBnfSFhuL7f5qA2OlNsxMUIcLd1twtRFyAllr9d9cU5Ex05KeOJ fgawhpJJ9zyq0fcwPitvCji+UpJher0GBrb/BLWufUbiYIVN+fUP/mDKf3zrJvAk ncDbOaufQIwVUmXaH0iy =K98Y -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.