News and History of the PNG Development Group from 2014
Herein lie news items and historical stuff primarily of interest to the
Portable Network Graphics Development Group itself. Feel free to poke
around even if you're not a member, though. Note that some of the links,
particularly the older ones, are broken; in some cases this is explained by
later entries. Other links (CompuServe, tcg.arl.mil) have fallen prey to
reorganizations or upgrades; should they ever reappear, the entries below
will be updated as needed.
Keep in mind that this is history here...
- current - see here
- 21 December 2014 - libpng 1.6.16
is released with a fix for a integer-overflow
vulnerability in png_combine_row()
(CVE-2014-9495) when decoding very
wide, interlaced images.
- 20 November 2014 - libpng 1.6.15
is released with a fix for an out-of-bounds memory
read in png_user_version_check() (possible security
issue?), fixes for various warnings, and other small improvements.
- 22 October 2014 - libpng 1.6.14
is released with a compression fix for iTXt chunks, better error-handling
when writing text chunks, and various other small fixes and improvements.
- 21 August 2014 - libpng 1.6.13 is
released with minor build fixes and cleanups.
- 11 June 2014 - libpng 1.6.12 is
released with two compilation fixes for MS Visual Studio 2010 and
"old clang compilers" (at least on Mac OS).
- 5 June 2014 - libpng 1.6.11 is
released with minor cleanups and fixes, including one to eliminate
rejection of ICC v2 color profiles that lack padding and/or the MD5
signature in the header.
- 6 March 2014 - libpng 1.6.10 is
released with a fix for a
hang (denial-of-service) bug
(CVE-2014-0333) when using the
progressive (streaming) reader on images with zero-length IDAT chunks.
It also fixes a bug in which libpng would read invalid sBIT chunks and
one in which CRC errors were treated as benign.
- 6 February 2014 - libpng 1.6.9
(and 1.5.18, 1.4.13, 1.2.51, and 1.0.61) is
released with minor cleanups, optimizations, and build tweaks.
Here are some related PNG pages at this site:
Last modified 4 April 2015.
Copyright © 1995-2015 Greg Roelofs.