Diffstat (limited to 'libpng15-CVE-2013-6954.patch')
-rw-r--r--libpng15-CVE-2013-6954.patch21
1 files changed, 21 insertions, 0 deletions
diff --git a/libpng15-CVE-2013-6954.patch b/libpng15-CVE-2013-6954.patch
new file mode 100644
index 0000000..43a1d46
--- /dev/null
+++ b/libpng15-CVE-2013-6954.patch
@@ -0,0 +1,21 @@
+diff --git a/pngset.c b/pngset.c
+index 4177e62..3876103 100644
+--- a/pngset.c
++++ b/pngset.c
+@@ -524,6 +524,16 @@ png_set_PLTE(png_structp png_ptr, png_infop info_ptr,
+ return;
+ }
+ }
++ if ((num_palette > 0 && palette == NULL) ||
++ (num_palette == 0
++ # ifdef PNG_MNG_FEATURES_SUPPORTED
++ && (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0
++ # endif
++ ))
++ {
++ png_error(png_ptr, "Invalid palette");
++ return;
++ }
+
+ /* It may not actually be necessary to set png_ptr->palette here;
+ * we do it for backward compatibility with the way the png_handle_tRNS
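Review bot: The added patch file starts directly at `diff --git a/pngset.c b/pngset.c` with no preamble, so nothing in it records where the CVE-2013-6954 fix came from or which libpng release it was cut against. A couple of header lines before the first `diff` line, such as `Fix CVE-2013-6954: reject NULL palette / empty PLTE in png_set_PLTE` and `Upstream: <UPSTREAM_COMMIT_URL>`, would let a later reviewer compare the backport with upstream and drop it once the package moves to a fixed release. Inside the new guard, the `return;` after `png_error(png_ptr, "Invalid palette");` looks unreachable, assuming png_error does not return in this libpng version; it is harmless but worth a short comment if kept. This view is limited to the patch file, so whether the build recipe applies it cannot be checked here, and png_set_PLTE's body continues outside the inner hunk.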