USN-3962-1: libpng vulnerability
30 April 2019
libpng be made to crash or run programs if it opened a specially crafted file.
- libpng1.6 - PNG (Portable Network Graphics) file library
It was discovered that libpng incorrectly handled certain memory
operations. If a user or automated system were tricked into opening a
specially crafted PNG file, a remote attacker could use this issue to
cause libpng to crash, resulting in a denial of service, or possibly
execute arbitrary code.
- USN-3991-1: firefox
- USN-3997-1: thunderbird
- USN-4080-1: openjdk-8-jre, openjdk-8-jdk, openjdk-8-jre-zero, openjdk-8, openjdk-8-jre-jamvm, openjdk-8-jdk-headless, openjdk-8-jre-headless
- USN-4083-1: openjdk-lts, openjdk-11-jre-zero, openjdk-11-jre, openjdk-11-jdk, openjdk-11-jre-headless, openjdk-11-jdk-headless