Information on source package libpng1.6

Available versions

Release	Version
stretch	1.6.28-1+deb9u1
buster	1.6.36-6
bullseye	1.6.37-3
bookworm	1.6.39-2
trixie	1.6.44-2
sid	1.6.44-2

Open issues

Bug	stretch	buster	bullseye	bookworm	trixie	sid	Description
CVE-2017-12652	vulnerable (no DSA, ignored)	fixed	fixed	fixed	fixed	fixed	libpng before 1.6.32 does not properly check the length of chunks agai ...

Open unimportant issues

Bug	stretch	buster	bullseye	bookworm	trixie	sid	Description
CVE-2021-4214	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	A heap overflow flaw was found in libpngs' pngimage.c program. This fl ...
CVE-2019-6129	vulnerable	vulnerable	vulnerable	fixed	fixed	fixed	png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as ...
CVE-2018-14550	vulnerable	vulnerable	fixed	fixed	fixed	fixed	An issue has been found in third-party PNM decoding associated with li ...
CVE-2018-14048	vulnerable	vulnerable	fixed	fixed	fixed	fixed	An issue has been found in libpng 1.6.34. It is a SEGV in the function ...

Resolved issues

Bug	Description
CVE-2019-7317	png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ...
CVE-2018-13785	In libpng 1.6.34, a wrong calculation of row_factor in the png_check_c ...
CVE-2016-10087	The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before ...
CVE-2015-8472	Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, ...
CVE-2015-0973	Buffer overflow in the png_read_IDAT_data function in pngrutil.c in li ...
CVE-2014-9495	Heap-based buffer overflow in the png_combine_row function in libpng b ...
CVE-2014-0333	The png_push_read_chunk function in pngpread.c in the progressive deco ...
CVE-2013-7354	Multiple integer overflows in libpng before 1.5.14rc03 allow remote at ...
CVE-2013-7353	Integer overflow in the png_set_unknown_chunks function in libpng/pngs ...

Security announcements

DSA / DLA	Description
DSA-4435-1	libpng1.6 - security update