Package: libpng / 1.2.50-2+deb8u3

CVE-2015-8472/0003-Fixed-bug-recently-introduced-in-png_set_PL.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
From ad224c6907e8a274f2679eae4c2e3085fdc7e8c8 Mon Sep 17 00:00:00 2001
From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
Date: Sun, 22 Nov 2015 20:24:03 -0600
Subject: [PATCH] [libpng12] Fixed bug recently introduced in png_set_PLTE()
 that uses png_ptr

not info_ptr.
---
--- a/pngset.c
+++ b/pngset.c
@@ -453,8 +453,8 @@ png_set_PLTE(png_structp png_ptr, png_in
    if (png_ptr == NULL || info_ptr == NULL)
       return;
 
-   max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ?
-      (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH;
+   max_palette_length = (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ?
+      (1 << info_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH;
 
    if (num_palette < 0 || num_palette > (int) max_palette_length)
    {