diff options
author | Glenn Randers-Pehrson <glennrp at users.sourceforge.net> | 2015-12-09 09:37:20 -0600 |
---|---|---|
committer | Glenn Randers-Pehrson <glennrp at users.sourceforge.net> | 2015-12-09 09:37:20 -0600 |
commit | 9d757479d19fae9a0769ec57076f4c49de3faf4d (patch) | |
tree | 3930d56e0bcaa22683188b1bc77fc2820ad84c18 | |
parent | 8c12b3c2cc24a4c0d5889e0e2a02e7f340a9dc9a (diff) | |
download | libpng-9d757479d19fae9a0769ec57076f4c49de3faf4d.tar.gz |
[libpng14] Fixed an out-of-range read in png_check_keyword() (Bug report from
Qixue Xiao).
-rw-r--r-- | ANNOUNCE | 31 | ||||
-rw-r--r-- | CHANGES | 6 | ||||
-rw-r--r-- | pngwutil.c | 2 |
3 files changed, 20 insertions, 19 deletions
@@ -1,37 +1,34 @@ -Libpng 1.4.18 - December 3, 2015 +Libpng 1.4.19beta01 - December 9, 2015 -This is a public release of libpng, intended for use in production codes. +This is not intended to be a public release. It will be replaced +within a few weeks by a public version or by another test version. Files available for download: Source files with LF line endings (for Unix/Linux) and with a "configure" script - libpng-1.4.18.tar.xz (LZMA-compressed, recommended) - libpng-1.4.18.tar.gz + 1.4.19beta01.tar.xz (LZMA-compressed, recommended) + 1.4.19beta01.tar.gz Source files with CRLF line endings (for Windows), without the "configure" script - lpng1418.7z (LZMA-compressed, recommended) - lpng1418.zip + lp1419b01.7z (LZMA-compressed, recommended) + lp1419b01.zip Other information: - libpng-1.4.18-README.txt - libpng-1.4.18-LICENSE.txt - libpng-1.4.18-*.asc (armored detached GPG signatures) + 1.4.19beta01-README.txt + 1.4.19beta01-LICENSE.txt + libpng-1.4.19beta01-*.asc (armored detached GPG signatures) -Changes since the last public release (1.4.17): +Changes since the last public release (1.4.18): - Avoid potential pointer overflow in png_handle_iTXt(), png_handle_zTXt(), - png_handle_sPLT(), and png_handle_pCAL() (Bug report by John Regehr). - Fixed incorrect implementation of png_set_PLTE() that uses png_ptr - not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 - vulnerability. - Discontinued distributing tar.bz2 archives. - Discontinued distributing libpng-oldversion-newversion-diff.txt +version 1.4.19 [December 9, 2015] + Fixed an out-of-range read in png_check_keyword() (Bug report from + Qixue Xiao). Send comments/corrections/commendations to glennrp at users.sourceforge.net or to png-mng-implement at lists.sf.net (subscription required; visit @@ -3014,7 +3014,7 @@ version 1.4.18beta01 [November 20, 2015] version 1.4.18beta02 [November 23, 2015] Fixed incorrect implementation of png_set_PLTE() that uses png_ptr not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 - vulnerability. + vulnerability. Fixes CVE-2015-8472. version 1.4.18rc01 [November 26, 2015] Discontinued distributing tar.bz2 archives. @@ -3022,6 +3022,10 @@ version 1.4.18rc01 [November 26, 2015] version 1.4.18 [December 3, 2015] Discontinued distributing libpng-oldversion-newversion-diff.txt +version 1.4.19beta01 [December 9, 2015] + Fixed an out-of-range read in png_check_keyword() (Bug report from + Qixue Xiao). + Send comments/corrections/commendations to glennrp at users.sourceforge.net or to png-mng-implement at lists.sf.net (subscription required; visit https://lists.sourceforge.net/lists/listinfo/png-mng-implement). diff --git a/pngwutil.c b/pngwutil.c index 141edd585..8404000b2 100644 --- a/pngwutil.c +++ b/pngwutil.c @@ -1303,7 +1303,7 @@ png_check_keyword(png_structp png_ptr, png_charp key, png_charpp new_key) { png_warning(png_ptr, "trailing spaces removed from keyword"); - while (*kp == ' ') + while (key_len && *kp == ' ') { *(kp--) = '\0'; key_len--; |