Security update for libpng16
This update for libpng16 fixes the following issues:
Security issues fixed:
- CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when
png_image_free() was called under png_safe_execute (bsc#1124211).
- CVE-2018-13785: Fixed a wrong calculation of row_factor in the
png_check_chunk_length function in pngrutil.c, which could haved triggered
and integer overflow and result in an divide-by-zero while processing a
crafted PNG file, leading to a denial of service (bsc#1100687)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#1121624
VUL-1: CVE-2019-6129: libpng,libpng12,libpng15,libpng12-0,libpng16: png_create_info_struct in png.c in libpng has a memory leak
bnc#1124211
VUL-1: CVE-2019-7317: libpng,libpng12,libpng15,libpng12-0,libpng16: libpng has a use-after-free because png_image_free_function is called under png_safe_execute
bnc#1100687
VUL-1: CVE-2018-13785: libpng,libpng12,libpng15,libpng12-0,libpng16: wrong calculation of row_factor in thepng_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while
