Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 568216 (CVE-2015-8540) - <media-libs/libpng-1.{2.56,5.26}: out-of-range read in png_check_keyword() (CVE-2015-8540)
Summary: <media-libs/libpng-1.{2.56,5.26}: out-of-range read in png_check_keyword() (C...
Alias: CVE-2015-8540
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa cve]
Depends on:
Reported: 2015-12-14 11:32 UTC by Agostino Sarubbo
Modified: 2016-11-15 07:40 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-12-14 11:32:59 UTC
From ${URL} :

there is a underflow read in png_check_keyword in pngwutil.c in libpng-1.2.54, which is found by XiaoQixue and ChenYu.

if the data of "key" is only ' ' (0x20), it will read a byte before the buffer in line 1288.

it also impacts libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 .

the details as follows:

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Lars Wendler (Polynomial-C) gentoo-dev 2016-01-16 10:45:13 UTC
commit 11e6585c2bffe51b132b1dbf63cf7daa61791391
Author: Lars Wendler <>
Date:   Sat Jan 16 11:36:44 2016

    media-libs/libpng: Bump to versions 1.2.56, 1.5.26 and 1.6.21

    Package-Manager: portage-2.2.26
    Signed-off-by: Lars Wendler <>

Arches please test and mark stable the following versions:

amd64 x86

amd64 x86
Comment 2 Agostino Sarubbo gentoo-dev 2016-01-16 11:08:30 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2016-01-16 11:08:56 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 4 Lars Wendler (Polynomial-C) gentoo-dev 2016-01-16 11:26:05 UTC
commit 6b850475b834437bc0016db3233ce079f8d48cd2
Author: Lars Wendler <>
Date:   Sat Jan 16 12:25:02 2016

    media-libs/libpng: Security cleanup (bug #568216).

    Package-Manager: portage-2.2.26
    Signed-off-by: Lars Wendler <>
Comment 5 Kristian Fiskerstrand gentoo-dev Security 2016-02-08 20:24:42 UTC
Added to existing GLSA request
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2016-11-15 07:40:55 UTC
This issue was resolved and addressed in
 GLSA 201611-08 at
by GLSA coordinator Aaron Bauman (b-man).