libpng: User-assisted execution of arbitrary code — GLSA 201502-10

Two vulnerabilities have been found in libpng, possibly resulting in execution of arbitrary code.

Affected packages

Package	media-libs/libpng on all architectures
Affected versions	< 1.6.16
Unaffected versions	>= 1.6.16 >= 1.5.21 >= 1.2.52

Background

libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several programs, including web browsers and potentially server processes.

Description

Two vulnerabilities have been discovered in libpng:

The png_user_version_check function contains an out-of-bounds memory access error (libpng 1.6.15 Release Notes)
The png_combine_row function contains an integer overflow error, which could result in a heap-based buffer overflow (CVE-2014-9495)

Impact

A context-dependent attacker could entice a user to open a specially crafted PNG file using an application linked against libpng, possibly resulting in execution of arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All libpng 1.6 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.6.16"

All libpng 1.5 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.21"

References

Release date
February 15, 2015

Latest revision
January 03, 2017: 3

Severity
normal

Exploitable
local, remote

Bugzilla entries