An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libpng | Libpng | 1.6.34 (including) | 1.6.34 (including) |
| Libpng | Ubuntu | esm-infra-legacy/trusty | * |
| Libpng | Ubuntu | esm-infra/xenial | * |
| Libpng | Ubuntu | precise/esm | * |
| Libpng | Ubuntu | trusty | * |
| Libpng | Ubuntu | trusty/esm | * |
| Libpng | Ubuntu | xenial | * |
| Libpng1.6 | Ubuntu | artful | * |
| Libpng1.6 | Ubuntu | bionic | * |
| Libpng1.6 | Ubuntu | cosmic | * |
| Libpng1.6 | Ubuntu | disco | * |
| Libpng1.6 | Ubuntu | esm-apps/xenial | * |
| Libpng1.6 | Ubuntu | esm-infra/bionic | * |
| Libpng1.6 | Ubuntu | upstream | * |
| Libpng1.6 | Ubuntu | xenial | * |
References
- http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://github.com/fouzhe/security/tree/master/libpng
- https://github.com/glennrp/libpng/issues/238
- https://seclists.org/bugtraq/2019/Apr/30
- https://security.gentoo.org/glsa/201908-02
- http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://github.com/fouzhe/security/tree/master/libpng
- https://github.com/glennrp/libpng/issues/238
- https://seclists.org/bugtraq/2019/Apr/30
- https://security.gentoo.org/glsa/201908-02