Fedora has issued an advisory on May 5:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGE643ALPDU76YXVRUPIB5FNWLYX3PXF/

Mageia 7 and 8 are also affected.
Source RPM: (none) => pngcheck-3.0.2-1.mga8.src.rpm
Whiteboard: (none) => MGA8TOO, MGA7TOO
Hi, thanks for reporting this. Assigned to the package maintainer. (Please set the status to 'assigned' if you are working on it)
CC: (none) => ouaurelien
Assignee: bugsquad => zen25000
New version pngcheck-3.0.3 to fix this pushed in Cauldron. This also builds without error for Mga7 and Mga8 so updates and advisories to follow.
Status comment: (none) => assigned
Status comment: assigned => Fixed upstream in 3.0.3
pngcheck-3.0.3-1.mga8 has been pushed to 8/core/updates_testing

#####################
Advisory

This update fixes a divide-by-zero crash bug (and probable vulnerability) in interlaced images with extra compressed data beyond the nominal end of the image data. (found by "chiba of topsec alpha lab")

#####################
References

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGE643ALPDU76YXVRUPIB5FNWLYX3PXF/
https://bugs.mageia.org/show_bug.cgi?id=28879

####################
Files affected

pngcheck-3.0.3-1.mga8.i586
pngcheck-debuginfo-3.0.3-1.mga8.i586
pngcheck-debugsource-3.0.3-1.mga8.i586
pngcheck-3.0.3-1.mga8.x86_64
pngcheck-debuginfo-3.0.3-1.mga8.x86_64
pngcheck-debugsource-3.0.3-1.mga8.x86_64

Provided by: pngcheck-3.0.3-1.mga8.src.rpm

####################
Testing

A set of good and faulty .png files are available here:
http://www.schaik.com/pngsuite/PngSuite-2017jul19.tgz
(Extract to a new folder, there are a lot and it's a tar bomb!)
pngcheck-3.0.3-1.mga7 has been pushed to 7/core/updates_testing

#####################
Advisory

This update fixes a divide-by-zero crash bug (and probable vulnerability) in interlaced images with extra compressed data beyond the nominal end of the image data. (found by "chiba of topsec alpha lab")

#####################
References

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGE643ALPDU76YXVRUPIB5FNWLYX3PXF/
https://bugs.mageia.org/show_bug.cgi?id=28879

####################
Files affected

pngcheck-3.0.3-1.mga7.i586
pngcheck-debuginfo-3.0.3-1.mga7.i586
pngcheck-debugsource-3.0.3-1.mga7.i586
pngcheck-3.0.3-1.mga7.x86_64
pngcheck-debuginfo-3.0.3-1.mga7.x86_64
pngcheck-debugsource-3.0.3-1.mga7.x86_64

Provided by: pngcheck-3.0.3-1.mga7.src.rpm

####################
Testing

A set of good and faulty .png files are available here:
http://www.schaik.com/pngsuite/PngSuite-2017jul19.tgz
(Extract to a new folder, there are a lot and it's a tar bomb!)
Assignee: zen25000 => qa-bugs
Status comment: Fixed upstream in 3.0.3 => (none)
Version: Cauldron => 8
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO
mga8, x64

Starting with pngcheck-3.0.2-1.
No PoC found.
Followed the link given and downloaded Chris Nokleberg's archive of damaged PNG files from
http://www.libpng.org/pub/png/apps/pngcheck.html
-> https://sourceforge.net/projects/javapng/files/brokensuite/20061204/brokensuite-20061204.zip/download?use_mirror=master

$ pngcheck -c *.png
....
xlfn0g04.png: CORRUPTED by text conversion
ERROR: xlfn0g04.png
ztxt_compression_method.png invalid zTXt compression method (3)
ERROR: ztxt_compression_method.png
OK: ztxt_data_format.png (32x32, 4-bit grayscale, non-interlaced, -47.1%).

Errors were detected in 107 of the 114 files tested.
Warnings were detected in 5 of the 114 files tested.
No errors were detected in 2 of the 114 files tested.

This is as expected.

$ pngcheck -cvt Jessica.png
File: Jessica.png (933238 bytes)
  chunk IHDR at offset 0x0000c, length 13
    1200 x 896 image, 24-bit RGB, non-interlaced
  chunk pHYs at offset 0x00025, length 9: 11811x11811 pixels/meter (300 dpi)
[...]
  chunk tEXt at offset 0xe3d1d, length 24, keyword: JPEG-Colorspace-Name
    RGB
  chunk tEXt at offset 0xe3d41, length 33, keyword: JPEG-Sampling-factors
    2x2,1x1,1x1
  chunk IEND at offset 0xe3d6e, length 0
No errors detected in Jessica.png (36 chunks, 71.1% compression).

Updated the package.

$ rpm -q pngcheck
pngcheck-3.0.3-1.mga8

Repeated the image checks.

$ pngcheck -c glenview.png
OK: glenview.png (602x400, 24-bit RGB, non-interlaced, 51.7%).

$ pngcheck -cvt Jessica.png
....
  chunk IEND at offset 0xe3d6e, length 0
No errors detected in Jessica.png (36 chunks, 71.1% compression).
<As before>

$ pngcheck -p OrphanBlack.png
File: OrphanBlack.png (959909 bytes)
OK: OrphanBlack.png (1080x761, 24-bit RGB, non-interlaced, 61.1%).

Brokensuite test:
...
Errors were detected in 107 of the 114 files tested.
Warnings were detected in 5 of the 114 files tested.
No errors were detected in 2 of the 114 files tested.

Also tested the PngSuite files.

$ pngcheck -ct *.png
.....
File: z09n2c08.png (224 bytes)
OK: z09n2c08.png (32x32, 24-bit RGB, non-interlaced, 92.7%).

Errors were detected in 15 of the 176 files tested.
No errors were detected in 161 of the 176 files tested.

This all looks OK for mga8.
Whiteboard: MGA7TOO => MGA7TOO MGA8-64-OK
CC: (none) => tarazed25
mga7, x64

Ran all the checks on all the files used in the tests reported in comment 5. The results were identical to the previous results, before and after the update.
Good for mga7.
Whiteboard: MGA7TOO MGA8-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK
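
The before/after comparison described in the two QA comments above can be scripted so that a run killed by a signal (which is how a divide-by-zero shows up) is told apart from an ordinary "file is bad" result. This is an added example, not part of the bug thread or of pngcheck; the script name `pngscan.sh`, the function names and the `PNGCHECK` override variable are hypothetical.

```shell
#!/bin/sh
# Added example. PNGCHECK may be overridden with any command that takes a
# file name and exits non-zero on a bad file (assumption).
PNGCHECK=${PNGCHECK:-pngcheck}

# classify STATUS: a shell reports a child killed by signal N as 128+N, so a
# divide-by-zero (SIGFPE, signal 8) appears as 136, not as a checker error.
classify() {
    if [ "$1" -eq 0 ]; then
        echo "OK"
    elif [ "$1" -gt 128 ]; then
        echo "CRASH(signal $(($1 - 128)))"
    else
        echo "ERROR"
    fi
}

# scan_dir DIR: print "RESULT<TAB>FILE" for every .png in DIR.
scan_dir() {
    for f in "$1"/*.png; do
        [ -e "$f" ] || continue
        st=0
        "$PNGCHECK" "$f" >/dev/null 2>&1 || st=$?
        printf '%s\t%s\n' "$(classify "$st")" "$(basename "$f")"
    done
}

# count_crashes RESULTS_FILE: number of files on which the checker died.
count_crashes() {
    grep -c '^CRASH' "$1" || true
}

# Usage: sh pngscan.sh DIR > before.txt; update the package;
#        sh pngscan.sh DIR > after.txt; diff before.txt after.txt
[ "$#" -eq 0 ] || scan_dir "$1"
```

A `CRASH` line in the "before" file that becomes `ERROR` or `OK` in the "after" file is the change the update is meant to produce; identical files mean the test set never reached the fixed code path.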
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0210.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED