FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

png -- heap overflow for 32-bit builds

Affected packages
1.2.6 <= png < 1.5.21
1.6 <= png < 1.6.16


VuXML ID c564f9bd-8ba7-11e4-801f-0022156e8794
Discovery 2014-12-23
Entry 2015-01-05

32-bit builds of the PNG library are vulnerable to an unsigned integer overflow that is triggered by crafted wide interlaced images. The overflow results in heap corruption that will crash the application and may lead to a controlled overwrite of selected portions of the process address space.
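
The bug class described above, as an added illustration that is not libpng's code and is not taken from the advisory: a row-size calculation done in 32-bit unsigned arithmetic wraps for a very wide image, and a checked form rejects it. The function names, the explicit 32-bit size type and the sample dimensions are assumptions constructed for this example, and interlacing is not modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model a 32-bit size_t explicitly so the result is the same on a 64-bit host. */
typedef uint32_t size32_t;

/* Unchecked: bytes per row = ceil(width * bits_per_pixel / 8).
 * The product is computed modulo 2^32 and silently wraps for wide rows. */
size32_t rowbytes_unchecked(uint32_t width, uint32_t bits_per_pixel)
{
    return (width * bits_per_pixel + 7u) / 8u;
}

/* Checked: refuse any width whose bit count does not fit in 32 bits,
 * so the caller never allocates a buffer smaller than the row it will write. */
bool rowbytes_checked(uint32_t width, uint32_t bits_per_pixel, size32_t *out)
{
    if (width == 0 || bits_per_pixel == 0)
        return false;
    if (width > (UINT32_MAX - 7u) / bits_per_pixel)
        return false;               /* width * bpp + 7 would overflow */
    *out = (width * bits_per_pixel + 7u) / 8u;
    return true;
}

int main(void)
{
    /* Constructed sample: 16-bit RGBA (64 bits per pixel), very wide row. */
    uint32_t width = 0x10000001u, bpp = 64u;
    size32_t n = 0;

    /* The row really needs 2147483656 bytes; the wrapped result is 8. */
    printf("unchecked: %u bytes\n", (unsigned)rowbytes_unchecked(width, bpp));

    if (!rowbytes_checked(width, bpp, &n))
        printf("checked: rejected, row size exceeds 32 bits\n");

    /* An ordinary image passes the check unchanged. */
    if (rowbytes_checked(1024u, 32u, &n))
        printf("checked: %u bytes for 1024 px at 32 bpp\n", (unsigned)n);
    return 0;
}
```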