[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3238-1] pngcheck security update

Debian LTS Advisory DLA-3238-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Tobias Frost
December 13, 2022                             https://wiki.debian.org/LTS

Package        : pngcheck
Version        : 3.0.3-1~deb10u2
CVE ID         : CVE-2020-35511
Debian Bugs    : 1021278

Multiple security issues were discovered in pngcheck, a tool to verify the
integrity of PNG, JNG and MNG files, which could potentially result
in the execution of arbitrary code.


    A global buffer overflow was discovered in pngcheck function in
    pngcheck-2.4.0 (5 patches applied) via a crafted png file.

For Debian 10 buster, these problems have been fixed in version

We recommend that you upgrade your pngcheck packages.

For the detailed security status of pngcheck please refer to its security
tracker page at: https://security-tracker.debian.org/tracker/pngcheck

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature

Reply to: