libpng Changelog

New in version 1.6.16

December 23rd, 2014
  • Added ".align 2" to arm/filter_neon.S to support old GAS assemblers that don't do alignment correctly.
  • Revised and scripts/*.dfn to work with MinGW/MSYS; renamed scripts/*.dfn to scripts/*.c (Bob Friesenhahn and John Bowler).
  • Quiet a "comparison always true" warning in pngstest.c (John Bowler).
  • Restored a test on width that was removed from png.c at libpng-1.6.9 (Bug report by Alex Eubanks).
  • Fixed an overflow in png_combine_row with very wide interlaced images.

New in version 1.6.9 (February 7th, 2014)

  • This is a minor cleanup release.

New in version 1.6.8 (December 21st, 2013)

  • This version has a bugfix for CVE-2013-6954 (null pointer dereference), plus some code cleanup.

New in version 1.6.7 (November 20th, 2013)

  • This version adds ARMv8 support and improves unknown chunk support.

New in version 1.6.4 (September 13th, 2013)

  • This version adds minor improvements in speed and footprint.

New in version 1.6.1 (March 30th, 2013)

  • This is a cleanup release with no new features or significant bugfixes.
  • The default gamma handling is improved in the new simplified API.

New in version 1.6.0 (February 16th, 2013)

  • This version adds a "simplified API" and removes some symbols which were deprecated in libpng15.

New in version 1.5.14 (January 29th, 2013)

  • This is a cleanup release with some minor bugfixes and a major fix to compressed iTXt handling.
  • The git repository at SourceForge has been relocated.

New in version 1.5.13 (September 28th, 2012)

  • This version fixes a bug in the png_set_filler function that would incorrectly strip the filler channel under some conditions while writing.

New in version 1.5.12 (July 12th, 2012)

  • This version makes a one-byte change to the pre-built, to address CVE-2012-3386, which reports a vulnerability in automake.
  • It is not necessary to rebuild libpng applications built with earlier versions of libpng.
  • The change only protects the libpng maintainer who is running "make distcheck" after failing to set a safe umask.

New in version 1.5.10 (March 30th, 2012)

  • This is a security release to fix a potential memory corruption (CVE-2011-3048).

New in version 1.5.9 (February 19th, 2012)

  • This is a security release to fix a potential unlimited buffer overrun (CVE-2011-3026).

New in version 1.5.8 (February 4th, 2012)

  • This version fixes a bug in pngerror.c: some long warnings were being improperly truncated and could cause a one-byte buffer overrun (CVE-2011-3464).

New in version 1.5.7 (December 16th, 2011)

  • This release adds support for the ARM processor and further optimizes the code for reading interlaced PNG images.

New in version 1.5.6 (November 3rd, 2011)

  • The speed of decoding interlaced images has been improved.

New in version 1.4.4 (September 24th, 2010)

  • This is a cleanup release with no significant changes to the source files.
  • The CMakeLists.txt script has been updated.
  • Some unwanted files were deleted.
  • The prebuilt autoconf scripts were updated.

New in version 1.4.3 (June 27th, 2010)

  • This version fixes a bug in the progressive reader with reading malformed PNG files that have more row data in the IDAT chunk than is required (CVE-2010-1205) and a memory leak when reading malformed sCAL chunks.

New in version 1.2.40 (September 11th, 2009)

  • An extra png_debug() statement was removed.
  • CMakeLists.txt was revised.
  • This is intended to be the last of the libpng-1.2.X series, with only security fixes from now on.

New in version 1.2.38 (July 16th, 2009)

  • Rebuilt configuration files with autoconf-2.63.
  • Revised license declarations to read "libpng license".
  • Revised conditional compilation of unknown chunk support.

New in version 1.2.37 (June 4th, 2009)

  • Fixed bug with new png_memset() of the big_row_buffer. Otherwise the changes are extensive but just cosmetic.

New in version 1.2.35 (February 19th, 2009)

  • This release fixes a newly discovered vulnerability in which some arrays of pointers are not initialized prior to using malloc to define the pointers. If the application runs out of memory while executing the allocation loop (which can be forced by malevolent input), libpng will jump to a cleanup process that attempts to free all of the pointers, including the undefined ones.

New in version 1.2.34 (December 18th, 2008)

  • This release avoids a potential double-free situation in png_check_keyword() and remedies a shortcoming in png_write_png() by adding separate PNG_TRANSFORM_FILLER_BEFORE and PNG_TRANSFORM_FILLER_AFTER transforms.

New in version 1.2.34 Beta 07 (December 10th, 2008)


New in version 1.2.34 Beta 06 (December 9th, 2008)

  • Respect earlier setting of png_set_filler() byte position in png_write_png().

New in version 1.4.0 Beta 44 (December 6th, 2008)

  • Merged with libpng-1.2.34beta05 to remove redundant NULL tests in png_check_keyword().

New in version 1.2.34 Beta 03 (December 1st, 2008)

  • Merged png_debug from with 1.4.0beta (removes
  • from messages)

New in version 1.2.33 (October 31st, 2008)

  • This release eliminates a vulnerability to memory leaks after reading a malformed tEXt chunk.

New in version 1.2.32 (September 18th, 2008)

  • Fixed crash bug with reading multiple zTXt chunks.