code.ossystems Code Review - openembedded-core.git/commit
libpng: CVE-2018-13785
author Sinan Kaya <okaya@kernel.org>
Sat, 22 Sep 2018 02:16:49 +0000 (02:16 +0000)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Thu, 27 Sep 2018 11:16:47 +0000 (12:16 +0100)
commit 4cc1862695c6899b61e3900216376c1b2f338a19
tree 676957d762f2174b012d52a710fee21f88fe11ea
parent c35a0355a3561cd17703ece3a66c3389ceb224bf
libpng: CVE-2018-13785

* CVE-2018-13785
In libpng 1.6.34, a wrong calculation of row_factor in the
png_check_chunk_length function (pngrutil.c) may trigger an
integer overflow and resultant divide-by-zero while processing
a crafted PNG file, leading to a denial of service.

(cherry picked from 8a05766cb74af05c04c53e6c9d60c13fc4d59bf2)

Affects libpng <= 1.6.34

CVE: CVE-2018-13785
Ref: https://access.redhat.com/security/cve/cve-2018-13785
Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-multimedia/libpng/files/CVE-2018-13785.patch [new file with mode: 0644]
meta/recipes-multimedia/libpng/libpng_1.6.34.bb
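
The integer overflow and divide-by-zero named in the commit message, modelled as an added C example that is not libpng's code and not part of this commit. The struct, the function names and the exact terms of the row_factor sum are assumptions for illustration, and the field values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the image header fields the check reads. */
struct ihdr {
    uint32_t width, height;
    uint8_t channels, bit_depth, interlaced;
};

/* Flawed shape: every operand is at most 32 bits wide, so the sum is
 * evaluated modulo 2^32 and can wrap to 0 before it is widened. */
static uint64_t row_factor_narrow(const struct ihdr *h)
{
    uint32_t f = h->width * h->channels * (h->bit_depth > 8 ? 2u : 1u)
                 + 1u + (h->interlaced ? 6u : 0u);
    return f;
}

/* Hardened shape: widen the operands first, so the sum cannot wrap. */
static uint64_t row_factor_wide(const struct ihdr *h)
{
    return (uint64_t)h->width * h->channels * (h->bit_depth > 8 ? 2u : 1u)
           + 1u + (h->interlaced ? 6u : 0u);
}

/* 1 if height exceeds UINT32_MAX / row_factor, 0 if it does not, and
 * -1 when row_factor is 0, where an unguarded division would trap. */
static int height_over_limit(uint32_t height, uint64_t row_factor)
{
    if (row_factor == 0)
        return -1;
    return height > UINT32_MAX / row_factor;
}

int main(void)
{
    /* Constructed field values, not taken from any real file. */
    struct ihdr h = { 0x55555555u, 1, 3, 8, 0 };
    printf("narrow=%llu wide=%llu\n",
           (unsigned long long)row_factor_narrow(&h),
           (unsigned long long)row_factor_wide(&h));
    printf("guarded check on narrow value: %d\n",
           height_over_limit(h.height, row_factor_narrow(&h)));
    return 0;
}
```

With the widened sum the divisor is always at least 1, so the zero guard in height_over_limit is defence in depth and no longer the only thing standing between the input and the division.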