You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The CVE CVE-2015-0973 mentions a buffer overflow in png_read_IDAT_data, which suggests the vulnerability is related to handling large width values in IDAT data. However, the patch is applied to the png_combine_row function in pngrutil.c.
Could you clarify why the patch was placed in png_combine_row instead of addressing the issue directly in png_read_IDAT_data?
Understanding the reasoning behind this decision would help in evaluating the scope of the fix and its implications on other parts of the code.
The text was updated successfully, but these errors were encountered:
The CVE CVE-2015-0973 mentions a buffer overflow in
png_read_IDAT_data, which suggests the vulnerability is related to handling large width values in IDAT data. However, the patch is applied to thepng_combine_rowfunction in pngrutil.c.Could you clarify why the patch was placed in
png_combine_rowinstead of addressing the issue directly inpng_read_IDAT_data?Understanding the reasoning behind this decision would help in evaluating the scope of the fix and its implications on other parts of the code.
The text was updated successfully, but these errors were encountered: