2 Commits

0d0386932e Accepting request 1320952 from graphics
- security update
- modified patches
  * libpng-1.2.51-CVE-2013-7353.patch (-p1)
  * libpng-1.2.51-CVE-2013-7354.patch (-p1)
- added patches
  CVE-2025-64505 [bsc#1254157], heap buffer over-read in `png_do_quantize` via malformed palette index
  * libpng12-CVE-2025-64505.patch

OBS-URL: https://build.opensuse.org/request/show/1320952
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libpng12?expand=0&rev=42
2025-12-04 10:24:58 +00:00
fbb7f2554a checkin
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng12?expand=0&rev=70
2025-12-03 09:33:03 +00:00
5 changed files with 56 additions and 5 deletions

View File

@@ -3,8 +3,8 @@ http://sourceforge.net/p/libpng/code/ci/77a817bfc298a221e3e623acf73c2a1e726c4ec6
http://sourceforge.net/p/libpng/code/ci/bec9ca9b8aa0cf16d2cde1757379afbe9adbe7d9
Index: pngset.c
===================================================================
--- pngset.c.orig 2014-04-22 16:08:23.458978035 +0200
+++ pngset.c 2014-04-22 16:09:15.921977136 +0200
--- a/pngset.c 2014-04-22 16:08:23.458978035 +0200
+++ b/pngset.c 2014-04-22 16:09:15.921977136 +0200
@@ -986,9 +986,17 @@
if (png_ptr == NULL || info_ptr == NULL || num_unknowns == 0)
return;
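Review bot: the only change in this hunk is the header rewrite from `--- pngset.c.orig` / `+++ pngset.c` to `--- a/pngset.c` / `+++ b/pngset.c`, which only makes sense together with the `%autosetup -p1` switch in the spec; this request does include that switch, so the two changes must not be split across separate submissions. The `Index: pngset.c` line and the 2014 timestamps are kept as they were; harmless, but since the header is being touched anyway the `Index:` line is now redundant with the git-style `a/`/`b/` names and could be dropped.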

View File

@@ -2,8 +2,8 @@ http://sourceforge.net/p/libpng/code/ci/798d3de5f66b6df6d6605f968da641c24725b15e
http://sourceforge.net/p/libpng/code/ci/77a0a2ea113e699c7021caf1a530d2e2dd90b497
Index: pngset.c
===================================================================
--- pngset.c.orig 2014-04-24 14:13:43.144134631 +0200
+++ pngset.c 2014-04-24 14:23:31.461124549 +0200
--- a/pngset.c 2014-04-24 14:13:43.144134631 +0200
+++ b/pngset.c 2014-04-24 14:23:31.461124549 +0200
@@ -19,6 +19,7 @@
#define PNG_INTERNAL
#define PNG_NO_PEDANTIC_WARNINGS
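Review bot: same header-only `a/`/`b/` rewrite as in the CVE-2013-7353 patch, with no change to the hunk body, so both 2013 patches now agree with the `-p1` strip level. Both patches touch `pngset.c`, but their hunks (line 19 here, line 986 in the other) are far apart, so the `Patch0`/`Patch1` ordering in the spec is not sensitive.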

View File

@@ -0,0 +1,38 @@
From 6a528eb5fd0dd7f6de1c39d30de0e41473431c37 Mon Sep 17 00:00:00 2001
From: Cosmin Truta <ctruta@gmail.com>
Date: Sat, 8 Nov 2025 23:58:26 +0200
Subject: [PATCH] Fix a buffer overflow in `png_do_quantize`
Allocate the quantize_index array to PNG_MAX_PALETTE_LENGTH (256 bytes)
instead of num_palette bytes. This approach matches the allocation
pattern for `palette[]`, `trans_alpha[]` and `riffled_palette[]` which
were similarly oversized in libpng 1.2.1 to prevent buffer overflows
from malformed PNG files with out-of-range palette indices.
Out-of-range palette indices `index >= num_palette` will now read
identity-mapped values from the `quantize_index` array (where index N
maps to palette entry N). This prevents undefined behavior while
avoiding runtime bounds checking overhead in the performance-critical
pixel processing loop.
Reported-by: Samsung-PENTEST <Samsung-PENTEST@users.noreply.github.com>
Analyzed-by: degrigis <degrigis@users.noreply.github.com>
---
pngrtran.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
Index: libpng-1.2.59/pngrtran.c
===================================================================
--- libpng-1.2.59.orig/pngrtran.c
+++ libpng-1.2.59/pngrtran.c
@@ -176,8 +176,8 @@ png_set_dither(png_structp png_ptr, png_
int i;
png_ptr->dither_index = (png_bytep)png_malloc(png_ptr,
- (png_uint_32)(num_palette * png_sizeof(png_byte)));
- for (i = 0; i < num_palette; i++)
+ (png_uint_32)(PNG_MAX_PALETTE_LENGTH * png_sizeof(png_byte)));
+ for (i = 0; i < PNG_MAX_PALETTE_LENGTH; i++)
png_ptr->dither_index[i] = (png_byte)i;
}
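Review bot: the diffstat carried in the patch header (`pngrtran.c | 8 ++++++--`, `6 insertions(+), 2 deletions(-)`) is the upstream commit's and does not describe this backported hunk, which replaces two lines with two (`@@ -176,8 +176,8 @@`); regenerate it or drop it so the header matches what is shipped. The hunk itself follows the rationale in the description: with `PNG_MAX_PALETTE_LENGTH` entries every byte-valued pixel indexes inside the block, and the identity fill covers the entries above `num_palette`. Note that the 1.2 names differ from the description: the table patched here is `dither_index` in `png_set_dither`, not `quantize_index` in `png_do_quantize`; a one-line remark in the header would save the next reader a search.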

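The description above explains the fix as oversizing the table to `PNG_MAX_PALETTE_LENGTH` and identity-filling it so that out-of-range pixel values still index inside the block. The following C model is an added example, not libpng code or part of this request: `model_set_dither` builds the table either at the declared palette size (the pre-patch layout) or at 256 entries (post-patch), and `model_dither_row` mirrors the unchecked per-pixel lookup, except that it counts the reads that would fall past the end of the block instead of performing them. The struct and function names (`model_png`, `model_set_dither`, `model_dither_row`, `run_malformed_row`, `pixel_after`) and the sample row are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PNG_MAX_PALETTE_LENGTH 256
#define ROW_LEN 6

/* Minimal model of the reader state the patch touches.  The real
 * png_struct has no length field; it exists here only so the model can
 * report where the unpatched loop would read past the heap block. */
typedef struct {
    uint8_t *dither_index;
    size_t   dither_index_len;
} model_png;

/* Allocate and identity-fill the table, sized either to the declared
 * palette (pre-patch) or to PNG_MAX_PALETTE_LENGTH (post-patch). */
static int model_set_dither(model_png *p, int num_palette, int fixed)
{
    size_t n = fixed ? (size_t)PNG_MAX_PALETTE_LENGTH : (size_t)num_palette;

    p->dither_index = malloc(n);
    if (p->dither_index == NULL)
        return -1;
    p->dither_index_len = n;
    for (size_t i = 0; i < n; i++)
        p->dither_index[i] = (uint8_t)i;
    return 0;
}

/* Model of the 8-bit paletted pixel loop: each pixel byte indexes
 * dither_index directly.  The real loop has no bounds check; the model
 * counts the reads that would land outside the block instead of
 * performing them, and rewrites only the in-range pixels. */
static int model_dither_row(const model_png *p, uint8_t *row, size_t width)
{
    int out_of_range = 0;

    for (size_t i = 0; i < width; i++) {
        if ((size_t)row[i] >= p->dither_index_len) {
            out_of_range++;
            continue;
        }
        row[i] = p->dither_index[row[i]];
    }
    return out_of_range;
}

/* Feed a constructed malformed row through the model.  Returns the number
 * of out-of-range table reads (-1 on allocation failure); the processed
 * row is copied to `out` when it is non-NULL (ROW_LEN bytes). */
static int run_malformed_row(int fixed, uint8_t *out)
{
    /* Constructed input: PLTE declares 4 entries, but the pixel bytes
     * include 200 and 255, which no valid 4-entry image can contain. */
    static const uint8_t malformed_row[ROW_LEN] = { 0, 3, 200, 1, 255, 2 };
    const int num_palette = 4;
    uint8_t local[ROW_LEN];
    uint8_t *buf = out ? out : local;
    model_png p;
    int oob;

    memcpy(buf, malformed_row, ROW_LEN);
    if (model_set_dither(&p, num_palette, fixed) != 0)
        return -1;
    oob = model_dither_row(&p, buf, ROW_LEN);
    free(p.dither_index);
    return oob;
}

/* Value of pixel `idx` after the row has been run through the model. */
static int pixel_after(int fixed, size_t idx)
{
    uint8_t row[ROW_LEN];

    if (idx >= ROW_LEN || run_malformed_row(fixed, row) < 0)
        return -1;
    return row[idx];
}

int main(void)
{
    printf("pre-patch : %d out-of-range table reads\n",
           run_malformed_row(0, NULL));
    printf("post-patch: %d out-of-range table reads, pixel[2]=%d pixel[4]=%d\n",
           run_malformed_row(1, NULL), pixel_after(1, 2), pixel_after(1, 4));
    return 0;
}
```

With the pre-patch layout the two malformed pixels (200 and 255) index past a 4-byte block; with the 256-entry identity table they resolve to themselves, which is the behaviour the description calls out: no bounds check in the loop, and no undefined read either.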
View File

@@ -1,3 +1,14 @@
-------------------------------------------------------------------
Wed Dec 3 09:31:58 UTC 2025 - Petr Gajdos <pgajdos@suse.com>
- security update
- modified patches
* libpng-1.2.51-CVE-2013-7353.patch (-p1)
* libpng-1.2.51-CVE-2013-7354.patch (-p1)
- added patches
CVE-2025-64505 [bsc#1254157], heap buffer over-read in `png_do_quantize` via malformed palette index
* libpng12-CVE-2025-64505.patch
-------------------------------------------------------------------
Fri Mar 1 08:38:09 UTC 2024 - pgajdos@suse.com
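Review bot: the entry names `png_do_quantize`, but the function the shipped hunk patches is `png_set_dither` and the array is `dither_index` (see `libpng12-CVE-2025-64505.patch`); keeping the upstream wording is fine for CVE searchability, but adding the 1.2 names in the same line would make the entry match the code that is actually built.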

View File

@@ -34,6 +34,8 @@ Source: https://downloads.sourceforge.net/project/libpng/%{name}/%{versi
Source2: baselibs.conf
Patch0: libpng-1.2.51-CVE-2013-7353.patch
Patch1: libpng-1.2.51-CVE-2013-7354.patch
# CVE-2025-64505 [bsc#1254157], heap buffer over-read in `png_do_quantize` via malformed palette index
Patch2: libpng12-CVE-2025-64505.patch
BuildRequires: libtool
BuildRequires: pkg-config
BuildRequires: zlib-devel
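Review bot: `Patch2:` is added without a matching `%patch2` call, which is correct only because `%autosetup` (without `-N`) applies every `PatchN:` it finds; worth a comment if the prep section is ever switched back to `%setup`. The comment line above `Patch2:` repeats the changes entry verbatim, which is consistent with the rest of the request.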
@@ -97,7 +99,7 @@ tools necessary for compiling and linking programs that don't care
about libpng version.
%prep
%autosetup -p0 -n libpng-%{version}
%autosetup -p1 -n libpng-%{version}
%build
# PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1
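Review bot: the `-p0` to `-p1` switch applies to all three patches at once, so each header must carry one leading path component. The visible headers do: `a/pngset.c` / `b/pngset.c` in Patch0 and Patch1, and `libpng-1.2.59.orig/pngrtran.c` / `libpng-1.2.59/pngrtran.c` in Patch2, where stripping the first component yields `pngrtran.c` inside the `libpng-%{version}` tree. If the tree is ever bumped past 1.2.59, only the Patch2 header path changes and it keeps applying, since the directory name is discarded by `-p1`.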