Arch Linux Security Advisory ASA-201512-18 ========================================== Severity: High Date : 2015-12-28 CVE-ID : CVE-2015-8472 Package : libpng Type : buffer overflow Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package libpng before version 1.6.20-1 is vulnerable to a buffer overflow vulnerability, incompletely fixed in version 1.6.19. Resolution ========== Upgrade to 1.6.20-1. # pacman -Syu "libpng>=1.6.20-1" The problem has been fixed upstream in version 1.6.20. Workaround ========== None. Description =========== It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. This issue is the result of an incomplete fix for CVE-2015-8126 in libpng 1.6.19. Impact ====== A remote attacker might be able to execute arbitrary code on the affected by submitting a crafted PNG file to an application calling directly the png_set_PLTE() with invalid palette sizes. References ========== https://access.redhat.com/security/cve/CVE-2015-8472 http://seclists.org/oss-sec/2015/q4/439