An out-of-bounds read in png_convert_to_rfc1123() in png.c could potentially be exploited by a crafted PNG file to leak information from an application's memory (CVE-2015-7981).
Buffer overflow vulnerabilities in functions png_get_PLTE/png_set_PLTE, allowing remote attackers to cause DoS to application or have unspecified other impact (CVE-2015-8126).
Also includes various other small bug fixes as detailed in the package changelog.
sudo dnf upgrade --advisory=FEDORA-2015-1d87313b7c
Please login to add feedback.