Libpng Updates Fix 21-Year-Old Null Dereference Bug - Phoronix

Articles & Reviews
News Archive
Forums
Premium
Categories

Computers GPUs / Graphics Cards Linux Gaming Memory Motherboards CPUs / Processors Software Storage Operating Systems Peripherals

Libpng Updates Fix 21-Year-Old Null Dereference Bug

Written by Michael Larabel in Free Software on 29 December 2016 at 12:22 PM EST. 29 Comments

FREE SOFTWARE --

Libpng 1.6.27, 1.5.28, 1.4.20, 1.2.57, and 1.0.67 were all released today to fix a pointer null dereference bug dating back to 1995.

From the mailing list announcement:

These all fix a potential "NULL dereference" bug that has existed in libpng since version 0.71 of June 26, 1995. To be vulnerable, an application has to load a text chunk into the png structure, then delete all text, then add another text chunk to the same png structure, which seems to be an unlikely sequence, but it has happened.

Great to see that bug being discovered and fixed after 21 years. There are also a few other minor updates to find with libpng 1.6.27.

Here's to hoping for more open-source/Linux security and bug-fixing improvements in 2017!

29 Comments

Related News

FSF Has Finally Elected A New President

Apache Software Foundation Estimates Its Code Value Increased ~$600M For FY2020

LuxCore Open-Source Renderer v2.4 Released With CUDA Support, Better Windows Scaling

The New OpenBenchmarking.org Is Launching Soon

Git 2.28-rc1 Released - Continues The Transition Towards SHA256 Plus Moving Off "Master"

Monado OpenXR Runtime Now Supports Multi-Application Rendering / Overlays

About The Author

Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week

How A Raspberry Pi 4 Performs Against Intel's Latest Celeron, Pentium CPUs

Kernel Developers Work To Block NVIDIA "GPL Condom" Effort Around New NetGPU Code

A "Large Hardware Vendor" Wants A EULA Displayed For Firmware Updates On Linux

Researchers Make More Discoveries Around L1TF/Foreshadow - It's Not Good

LibreOffice 7.0 Released As The Open-Source, Vulkan-Accelerated Office Suite

Btrfs Seeing Some Nice Performance Improvements For Linux 5.9

Ubuntu 20.04.1 LTS Released With The Latest Fixes

Kodi 19 Alpha 1 Released With AV1 Decoding, Many Other HTPC Improvements

çeviri malatya oto kiralama parça eşya taşıma şehirler arası nakliyat şehirlerarası evden eve nakliyat istanbul bursa şehirler arası nakliyat malatya oto kiralama istanbul evden eve nakliyat ofis taşıma ofis taşımacılığı evden eve nakliyat evden eve nakliyat büyü aşk büyüsü ayırma büyüsü medyum medyum şikayetleri medyum yorumları büyü aşk büyüsü bağlama büyüsü dua aşk duası aşk büyüsü büyü aşk büyüsü bağlama büyüsü medyum dolunay medyum aşk büyüsü medyum medyum şikayetleri medyum yorumları metal galvanizli sac paslanmaz sac metal hrp sac paslanmaz çelik mekjoy.com seo seo kursu sex shop istanbul sex shop ataşehir sex shop İstanbul evden eve nakliyat eşya depolama eşya depolama viagra fiyatı cialis fiyat b374k shell