CVE-2015-0973
Publication date 18 January 2015
Last updated 24 July 2024
Ubuntu priority
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
Status
Package | Ubuntu Release | Status |
---|---|---|
libpng | ||
14.04 LTS trusty |
Not affected
|
|
texlive-bin | ||
14.04 LTS trusty | Not in release | |
Notes
References
Other references
- http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt
- http://mid.gmane.org/Pine.LNX.4.64.1501101510150.31425@beijing.mitre.org
- http://www.openwall.com/lists/oss-security/2015/01/10/3
- http://www.openwall.com/lists/oss-security/2015/01/10/1
- http://sourceforge.net/p/png-mng/mailman/message/33173461/
- https://www.cve.org/CVERecord?id=CVE-2015-0973