FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

png -- heap overflow for 32-bit builds

Affected packages
1.2.6 <= png < 1.5.21
1.6 <= png < 1.6.16

Details

VuXML ID c564f9bd-8ba7-11e4-801f-0022156e8794
Discovery 2014-12-23
Entry 2015-01-05

32-bit builds of PNG library are vulnerable to an unsigned integer overflow that is triggered by a crafted wide interlaced images. Overflow results in a heap corruption that will crash the application and may lead to the controlled overwrite of a selected portions of process address space.

References

URL http://codelabs.ru/security/vulns/analysis/libpng/2014-dec-libpng-1.6.15/
URL http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt