Critical security flaw discovered in PNG graphics library

Posted on Monday, November 16 2015 @ 13:24 CET by Thomas De Maesschalck
Security researchers have discovered a critical security bug in the graphics processing library libpng. The bug enables attackers to trigger a buffer overflow via a manipulated PNG image file, and potentially allows all kinds of nasty stuff to happen. Various implementations of the libpng library are used across many platforms and by many applications, including browsers, file browsers, music players, app stores, etc. Patches for the libpng library are available, but it will likely take some time before software developers have updated every vulnerable application.
Libpng's custodian Glenn Randers-Pehrson has requested a CVE for the bug. He writes:

“I request a CVE for a vulnerability in libpng, all versions, in the png_set_PLTE/png_get_PLTE functions. These functions failed to check for an out-of-range palette when reading or writing PNG files with a bit_depth less than 8. Some applications might read the bit depth from the IHDR chunk and allocate memory for a 2^N entry palette, while libpng can return a palette with up to 256 entries even when the bit depth is less than 8.

“libpng versions 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64 were released today (12 November 2015) to fix this vulnerability. See libpng.sourceforge.net”.
Via: The Register
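
The mismatch described in the CVE request can be checked on a file without libpng. The following is an added example, not code from the article or from libpng: it walks the PNG chunks and flags a PLTE chunk with more entries than 2^bit_depth. The names `plte_exceeds_depth` and `make_sample` are hypothetical, the sample images are constructed, and chunk CRCs are not verified.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* 1: PLTE has more than 2^bit_depth entries (bit_depth < 8); 0: palette fits
   or is absent; -1: not parseable. Chunk CRCs are not verified here. */
int plte_exceeds_depth(const unsigned char *buf, size_t len) {
    if (len < 33 || memcmp(buf, "\x89PNG\r\n\x1a\n", 8) != 0) return -1;
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0) return -1;
    unsigned bit_depth = buf[24];          /* IHDR: width, height, bit depth */
    size_t off = 33;                       /* 8-byte signature + 25-byte IHDR chunk */
    while (len - off >= 12) {              /* length + type + CRC */
        uint32_t clen = be32(buf + off);
        if (clen > len - off - 12) return -1;   /* chunk runs past the buffer */
        if (memcmp(buf + off + 4, "PLTE", 4) == 0) {
            if (clen % 3 != 0) return -1;       /* entries are RGB triples */
            return bit_depth < 8 && clen / 3 > (1u << bit_depth);
        }
        if (memcmp(buf + off + 4, "IEND", 4) == 0) break;
        off += 12 + (size_t)clen;
    }
    return 0;
}

/* Constructed sample: signature, IHDR (1x1, indexed colour), PLTE with
   `entries` zeroed colours, IEND. CRC fields are left as zero.
   `out` must hold at least 57 + 3 * entries bytes. */
size_t make_sample(unsigned char *out, unsigned bit_depth, unsigned entries) {
    size_t plen = (size_t)entries * 3, n = 33;
    memset(out, 0, n + 12 + plen + 12);
    memcpy(out, "\x89PNG\r\n\x1a\n\0\0\0\rIHDR", 16);  /* "\r" is length 13 */
    out[19] = 1; out[23] = 1;                           /* width 1, height 1 */
    out[24] = (unsigned char)bit_depth; out[25] = 3;    /* colour type 3 */
    out[n + 2] = (unsigned char)(plen >> 8); out[n + 3] = (unsigned char)plen;
    memcpy(out + n + 4, "PLTE", 4);
    n += 12 + plen;
    memcpy(out + n + 4, "IEND", 4);
    return n + 12;
}

int main(void) {
    unsigned char buf[1024];
    printf("2-bit, 4 entries:   %d\n", plte_exceeds_depth(buf, make_sample(buf, 2, 4)));
    printf("2-bit, 256 entries: %d\n", plte_exceeds_depth(buf, make_sample(buf, 2, 256)));
    return 0;
}
```

An application that sizes its palette buffer from the IHDR bit depth should treat a result of 1 as a file to reject, or size the buffer from the entry count libpng reports instead.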

