A NULL-pointer dereference issue has been found in png_set_text_2() in libpng. To be vulnerable, an application has to load a text chunk into the png structure, then delete all text, then add another text chunk to the same png structure.
A NULL-pointer dereference issue has been found in png_set_text_2() in libpng. To be vulnerable, an application has to load a text chunk into the png structure, then delete all text, then add another text chunk to the same png structure.
http://seclists.org/oss-sec/2016/q4/782
Fixed in 1.6.27 and 1.2.57 https://sourceforge.net/p/libpng/code/ci/243d4e5f3fe71740d52a53cf3dd77cc83a3430ba https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb (libpng16) https://sourceforge.net/p/libpng/code/ci/794a15fad6add4d636369d0b46f603a02995b2e2 (libpng12)