Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-22168

Crash bug (vulnerability) in bundled libpng 1.5.4

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: 4.7.4
    • Fix Version/s: 4.8.0
    • Component/s: Image formats
    • Labels:
      None
    • Commits:
      e5098123c12880d922923d1117f7b82995c6b5a0

      Description

      Certain malformed PNGs cause a crash in libpng.

      The PNG Development Group explains that libpng 1.5.4 (only) introduced a divide-by-zero bug in png_handle_cHRM(), which could lead to crashes (denial of service), ref. http://www.libpng.org/pub/png/libpng.html

      This task was created as a result of comments to QTBUG-21408

        Attachments

          Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

              People

              Assignee:
              vgt Eirik Aavitsland
              Reporter:
              vgt Eirik Aavitsland
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Gerrit Reviews

                  There are no open Gerrit changes