Overview

File _patchinfo of Package patchinfo.10963

<patchinfo incident="10963">
  <issue tracker="bnc" id="1124211">VUL-1: CVE-2019-7317: libpng,libpng12,libpng15,libpng12-0,libpng16: libpng has a use-after-free because png_image_free_function is called under png_safe_execute</issue>
  <issue tracker="bnc" id="1141493">VUL-1: CVE-2017-12652: libpng,libpng12,libpng15,libpng12-0,libpng16: libpng before 1.6.32 does not properly check the length of chunks against the user limit.</issue>
  <issue tracker="cve" id="2017-12652"/>
  <issue tracker="cve" id="2019-7317"/>
  <packager>pgajdos</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for libpng16</summary>
  <description>This update for libpng16 fixes the following issues:

Security issues fixed:

- CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when
  png_image_free() was called under png_safe_execute (bsc#1124211).
- CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places