libpng

libpng-1.6.29 adds optimized code for PowerPC, and moves the optimized code for Intel into the main libpng directory.

libpng-1.6.28 has been released to fix a bug exposed when attempting to build with zlib-1.2.9 or 1.2.10

New versions released to fix CVE-2016-10087

Libpng-1.5.26, 1.4.19, 1.2.56, and 1.0.66 fix an out-of-range read in png_check_keyword(), CVE-2015-8540.

The bugfix of CVE-2015-8126 in the previous versions was incomplete; it defended against malevolent PNG files that are read via png_handle_PLTE but did not detect applications that use png_set_PLTE to set an over-length palette. This set of releases completes the bugfix, fixing CVE-2015-8472.

libpng-1.6.19, libpng-1.5.24, libpng-1.2.54, libpng-1.4.17, and libpng-1.0.64 have been released to fix a potential out-of-bounds read in png_set_tIME/png_convert_to_rfc1123 and a potential out-of-bounds write in png_get_PLTE/png_set_PLTE.

libpng-1.6.18 and 1.5.23 were released last week. Due to the outage, they aren't available yet in the SourceForge File Release System. They are, however, available from the glennrp/libpng-releases repository at github.

libpng-1.6.17 and 1.5.22 have been released. They "harden" the library against attacks using very wide images by imposing a default limit of 1 million columns. Users who truly need to process wider images can override this limit.

libpng-1.7.0beta49 has been released, to test some changes to the filter-selection procedure to use a single "try_row" buffer instead of separate "sub_row, up_row, avg_row, and paeth_row" buffers. Please try it out and report back; if all goes well I'll port it back to libpng15 and libpng16 soon.

libpng-1.6.16 has been released to fix two potential overflows while reading very wide images.