Overview

File _patchinfo of Package patchinfo.8173

<patchinfo incident="8173">
  <issue tracker="bnc" id="1121624">VUL-1: CVE-2019-6129: libpng,libpng12,libpng15,libpng12-0,libpng16: png_create_info_struct in png.c in libpng  has a memory leak</issue>
  <issue tracker="bnc" id="1124211">VUL-1: CVE-2019-7317: libpng,libpng12,libpng15,libpng12-0,libpng16: libpng has a use-after-free because png_image_free_function is called under png_safe_execute</issue>
  <issue tracker="bnc" id="1100687">VUL-1: CVE-2018-13785: libpng,libpng12,libpng15,libpng12-0,libpng16: wrong calculation of row_factor in thepng_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while</issue>
  <issue tracker="cve" id="2018-13785"/>
  <issue tracker="cve" id="2019-7317"/>
  <category>security</category>
  <rating>low</rating>
  <packager>pgajdos</packager>
  <description>This update for libpng16 fixes the following issues:

Security issues fixed:

- CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when 
  png_image_free() was called under png_safe_execute (bsc#1124211).
- CVE-2018-13785: Fixed a wrong calculation of row_factor in the
  png_check_chunk_length function in pngrutil.c, which could haved triggered
  and integer overflow and result in an divide-by-zero while processing a
  crafted PNG file, leading to a denial of service (bsc#1100687)
</description>
  <summary>Security update for libpng16</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places