List:       oss-security
Subject:    [oss-security] CVE Request: libpng 1.6.15 Heap Overflow
From:       endeavor <endeavor () rainbowsandpwnies ! com>
Date:       2014-12-22 23:16:53
Message-ID: CAMd2mh2=qWR5zy3kXw-Cf-jozZn1Df=R8+XskOk-O7dZc-t0QA () mail ! gmail ! com

I am requesting a CVE for a heap-overflow in libpng 1.6.15. It's my
understanding that versions 1.6.9-1.6.15 are vulnerable, and according to
patch notes it looks like some revisions in the 1.5 branch may have been
affected as well. However, I've only tested 1.6.15 and can only speak for
it.

Link to announcement of new version:
http://sourceforge.net/p/png-mng/mailman/message/33173461/

Link to a description of the vulnerability:
http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt

Please let me know!

- Alex

