| Name | CVE-2015-0973 |
| Description | Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 773823, 775673 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| libpng1.6 (PTS) | bullseye | 1.6.37-3 | fixed |
| bookworm | 1.6.39-2 | fixed |
| sid, trixie | 1.6.43-5 | fixed |
| texlive-bin (PTS) | bullseye (security), bullseye | 2020.20200327.54578-7+deb11u1 | fixed |
| bookworm | 2022.20220321.62855-5.1+deb12u1 | fixed |
| trixie | 2024.20240313.70630+ds-2 | fixed |
| sid | 2024.20240313.70630+ds-3 | fixed |
The information below is based on the following data on fixed versions.
Notes
- libpng <not-affected> (Affects 1.5.x and 1.6.x series)
- iceweasel <not-affected> (squeeze used the system libpng, and later versions define their own limits)
- icedove <not-affected> (squeeze used the system libpng, and later versions define their own limits)
[squeeze] - texlive-bin <not-affected> (has a copy of libpng 1.2)
[wheezy] - texlive-bin <not-affected> (uses system libpng)
http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt
http://mid.gmane.org/Pine.LNX.4.64.1501101510150.31425@beijing.mitre.org