Libpng Updates Fix 21-Year-Old Null Dereference Bug
Written by Michael Larabel in Free Software on 29 December 2016 at 12:22 PM EST. 29 Comments
FREE SOFTWARE --
Libpng 1.6.27, 1.5.28, 1.4.20, 1.2.57, and 1.0.67 were all released today to fix a pointer null dereference bug dating back to 1995.

From the mailing list announcement:
These all fix a potential "NULL dereference" bug that has existed in libpng since version 0.71 of June 26, 1995. To be vulnerable, an application has to load a text chunk into the png structure, then delete all text, then add another text chunk to the same png structure, which seems to be an unlikely sequence, but it has happened.

Great to see that bug being discovered and fixed after 21 years. There are also a few other minor updates to find with libpng 1.6.27.

Here's to hoping for more open-source/Linux security and bug-fixing improvements in 2017!
29 Comments
Related News
Inkscape 1.2 Open-Source Vector Graphics Program Released
Jemalloc 5.3 Released With Many Speed & Space Optimizations
PAPPL 1.2 Released With Full Localization Support, More IPP Features
OpenJPEG 2.5 Released With High Throughput JPEG 2000 Decoding (HTJ2K)
Dbus-Broker 30 Released For High Performance Linux Message Bus
PAPPL 1.2 Beta Printer Application Framework Released
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week
Fedora 36 Is A Terrific Release Especially For Linux Enthusiasts, Power Users
Arch Linux Temporarily Steps Back From WirePlumber After Snafu
AMD Graphics Driver Surpassing 4 Million Lines Of Code In Linux 5.19, NVIDIA Opens Up At 1 Million
MIPS Claims "Best-In-Class Performance" With New RISC-V eVocore CPUs
Valve Developer Starts Poking At Open-Source "RADV" Driver Support For GFX11/RDNA3
Microsoft Issues First Production Release Of Its CBL-Mariner 2.0 Linux Distribution
Godot 4.0 Alpha 8 Game Engine Released With Some Nice Improvements
Ubuntu's Chromium Snap Now Allows Enabling Native Wayland Support