FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pngcheck -- Buffer-overrun vulnerability

Affected packages
pngcheck < 3.0.1


VuXML ID 13ca36b8-6141-11eb-8a36-7085c2fb2c14
Discovery 2021-01-24
Entry 2021-01-28

The libpng project reports:

pngcheck versions 3.0.0 and earlier have a pair of buffer-overrun bugs related to the sPLT and PPLT chunks (the latter is a MNG-only chunk, but it gets noticed even in PNG files if the -s option is used). Both bugs are fixed in version 3.0.1, released on 24 January 2021. Again, while all known vulnerabilities are fixed in this version, the code is quite crufty, so it would be safest to assume there are still some problems hidden in there. As always, use at your own risk.