Bug 1102846 - (CVE-2018-14550) VUL-0: CVE-2018-14550: libpng,libpng12,libpng15,libpng12-0,libpng16: Stack-based buffer overflow in contrib/pngminus/pnm2png.c:get_token()
(CVE-2018-14550)
VUL-0: CVE-2018-14550: libpng,libpng12,libpng15,libpng12-0,libpng16: Stack-ba...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Petr Gajdos
Security Team bot
https://smash.suse.de/issue/211728/
CVSSv3:RedHat:CVE-2018-14550:7.0:(AV...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-07-27 09:09 UTC by Karol Babioch
Modified: 2018-07-31 14:53 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Karol Babioch 2018-07-27 09:09:15 UTC
rh#1608800

Stack-based buffer overflow in contrib/pngminus/pnm2png.c:get_token() function in libpng was found, possibly leading to arbitrary code execution when processing untrusted input.

Upstream bug:

https://github.com/glennrp/libpng/issues/246

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1608800
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14550
Comment 1 Petr Gajdos 2018-07-31 14:53:54 UTC
Acording to upstream, the issue lies directly in pnm2png.c:
https://github.com/glennrp/libpng/issues/246#issuecomment-406785718

However, we do not distribute pnm2png at all. Please dispute in case of doubts.