Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 676680 (CVE-2019-6129) - media-gfx/pngtools: memleak in pngcp (CVE-2019-6129)
Summary: media-gfx/pngtools: memleak in pngcp (CVE-2019-6129)
Status: RESOLVED WONTFIX
Alias: CVE-2019-6129
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://cve.mitre.org/cgi-bin/cvename...
Whiteboard: B3 [upstream cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-01-29 01:32 UTC by psp
Modified: 2021-01-28 00:54 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description psp 2019-01-29 01:32:42 UTC 
png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. 

Upstream:
https://github.com/glennrp/libpng/issues/269
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2019-04-27 06:39:33 UTC 
Maintainers please advise if this is fixed in the current stabilization: media-libs/libpng-1.6.37
Comment 2 Thomas Deutschmann gentoo-dev 2019-04-27 11:59:52 UTC 
This is an error in media-gfx/pngtools, not in media-libs/libpng.
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2021-01-28 00:54:37 UTC 
Disputed upstream and minor impact if any as noted by upstream devs.