[Pkg-phototools-devel] Bug#863469: pngquant: CVE-2016-5735
Emilio Pozuelo Monfort
pochu at debian.org
Sat May 27 10:30:08 UTC 2017
Package: pngquant
X-Debbugs-CC: team at security.debian.org secure-testing-team at lists.alioth.debian.org
Severity: important
Tags: security
Hi,
the following vulnerability was published for pngquant.
CVE-2016-5735[0]:
| Integer overflow in the rwpng_read_image24_libpng function in rwpng.c
| in pngquant 2.7.0 allows remote attackers to have unspecified impact
| via a crafted PNG file, which triggers a buffer overflow.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-5735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5735
The upstream fix is:
https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285
Please adjust the affected versions in the BTS as needed.
Cheers,
Emilio
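
The bug class named in the CVE text, as an added example that is not part of the original message and is not pngquant's code. The page does not show the affected code, so this assumes the common case where an image buffer size is computed as a product of dimensions in 32-bit arithmetic; the function names and MAX_IMAGE_BYTES are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cap on decoded image size; pick one that suits the application. */
#define MAX_IMAGE_BYTES ((size_t)1 << 30)

/* Unsafe pattern: the product is evaluated in 32 bits and silently wraps. */
uint32_t image_bytes_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Safe pattern: divide before multiplying so no step can wrap, then apply the cap. */
bool image_bytes_checked(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return false;
    if (width > MAX_IMAGE_BYTES / bpp)
        return false;
    size_t rowbytes = (size_t)width * bpp;
    if (height > MAX_IMAGE_BYTES / rowbytes)
        return false;
    *out = rowbytes * height;
    return true;
}

/* Allocate a pixel buffer only when the size is known to be exact. */
unsigned char *alloc_image(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n;
    if (!image_bytes_checked(width, height, bpp, &n))
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed dimensions: 65536 x 16384 at 4 bytes per pixel is exactly 2^32 bytes. */
    uint32_t w = 65536, h = 16384, bpp = 4;
    size_t n = 0;
    printf("unchecked: %u bytes\n", (unsigned)image_bytes_unchecked(w, h, bpp));
    printf("checked:   %s\n", image_bytes_checked(w, h, bpp, &n) ? "accepted" : "rejected");
    return 0;
}
```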