Impact
Due to an API corner case in miniz 2.1.0 parsing of compressed metadata may lead to an infinite loop.
This only applies to builds compiled against miniz 2.1.0, builds using zlib are unaffected.
Patches
This issue has been fixed in 0.6.2.
Workarounds
This is the workaround.
References
For more information
If you have any questions or comments about this advisory open an issue at: https://github.com/randy408/libspng/issues
Impact
Due to an API corner case in miniz 2.1.0 parsing of compressed metadata may lead to an infinite loop.
This only applies to builds compiled against miniz 2.1.0, builds using zlib are unaffected.
Patches
This issue has been fixed in 0.6.2.
Workarounds
This is the workaround.
References
For more information
If you have any questions or comments about this advisory open an issue at: https://github.com/randy408/libspng/issues