Bug 204551 - graphics/png: buffer overflows in libpng 1.6.18 (CVE-2015-8126)
Summary: graphics/png: buffer overflows in libpng 1.6.18 (CVE-2015-8126)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Bernard Spil
URL: https://reviews.freebsd.org/D4164
Keywords: security
Depends on:
Reported: 2015-11-14 21:21 UTC by Walter Hop
Modified: 2015-11-17 03:12 UTC (History)
3 users (show)

See Also:
koobs: maintainer-feedback-
koobs: merge-quarterly+


Note You need to log in before you can comment on or make changes to this bug.
Description Walter Hop 2015-11-14 21:21:17 UTC
"Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng [...] before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image."



Assuming it might be usable for exploitation, I would recommend bumping the port soon.
Comment 1 Antoine Brodin freebsd_committer 2015-11-14 21:39:31 UTC
libpng website is down and sourceforge is in in Disaster Recovery mode (and doesn't have 1.6.19 yet),  so this update will have to wait a few hours I guess..
Comment 2 Bernard Spil freebsd_committer 2015-11-15 11:09:39 UTC
This is now handled in Phabricator
Comment 3 commit-hook freebsd_committer 2015-11-15 11:41:26 UTC
A commit references this bug:

Author: antoine
Date: Sun Nov 15 11:41:02 UTC 2015
New revision: 401693
URL: https://svnweb.freebsd.org/changeset/ports/401693

  Update to 1.6.19

  PR:		204551
  MFH:		2015Q4
  Security:	CVE-2015-8126

Comment 4 commit-hook freebsd_committer 2015-11-15 11:43:28 UTC
A commit references this bug:

Author: antoine
Date: Sun Nov 15 11:43:12 UTC 2015
New revision: 401694
URL: https://svnweb.freebsd.org/changeset/ports/401694

  MFH: r401693

  Update to 1.6.19

  PR:		204551
  Security:	CVE-2015-8126

_U  branches/2015Q4/
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2015-11-17 03:12:02 UTC
security/vuxml change committed by brnrd@ in r401719 [1] but PR: not referenced.

[1] http://svnweb.freebsd.org/changeset/ports/401719

CC committer that resolved.