ELBA-2021-15746 - pngcheck Bug Fix update

Release Date:2021-07-21


- Backport fix for RHBZ#1949800 from upstream release 3.0.3

- Fix buffer overflow on large MNG LOOP chunk (RHBZ#1908559)

- Fix a buffer overrun for certain invalid MNG PPLT chunk contents

- Previous fix for buffer overrun printing the contents of the sPLT chunk in
certain malformed inputs (RHBZ#1905775) was incomplete; it should be properly
fixed now.

- Bounds-check all accesses into enumerated-value name arrays; a malformed file
could have caused a buffer overrun in several of these cases. (RHBZ#1902810)
- Fix buffer overrun when print_buffer() is passed a nonpositive size, which
can occur in practice for certain malformed inputs. (RHBZ#1902810)
- In some cases, the chunk length from the file data (sz) is used to index into
the read buffer without sufficient bounds-checking, leading to a buffer
overrun. Fix this for PPLT, hIST, sCAL, FRAM, SAVE, nEED, PAST, DISC, DROP,
DBYK, ORDR, and SEEK chunks. (RHBZ#1902810)
- Fix buffer overrun printing the contents of the sPLT chunk in certain
malformed inputs. (RHBZ#1905775)

Updated Packages

Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) pngcheck-2.4.0-8.el8.src.rpm077a8f48ca7bcf1493c2c615af8f2899-
Oracle Linux 8 (x86_64) pngcheck-2.4.0-8.el8.src.rpm077a8f48ca7bcf1493c2c615af8f2899-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team