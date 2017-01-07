Name : libpng10

Product : Fedora 25

Version : 1.0.67

Release : 1.fc25

URL : http://www.libpng.org/pub/png/libpng.html

Summary : Old version of libpng, needed to run old binaries

Description :

The libpng10 package contains an old version of libpng, a library of functions

for creating and manipulating PNG (Portable Network Graphics) image format

files.



This package is needed if you want to run binaries that were linked dynamically

with libpng 1.0.x.



This update fixes an old NULL pointer dereference bug in png_set_text_2()

discovered and patched by Patrick Keshishian (CVE-2016-10087). The potential

"NULL dereference" bug has existed in libpng since version 0.71 of June

26,

1995. To be vulnerable, an application has to load a text chunk into the png

structure, then delete all text, then add another text chunk to the same png

structure, which seems to be an unlikely sequence, but it has happened. The

update also fixes some documentation typos and an instance of undefined

behavior.

[ 1 ] Bug #1409617 - CVE-2016-10087 libpng: NULL pointer dereference in

png_set_text_2()

https://bugzilla.redhat.com/show_bug.cgi?id=1409617

