Published: 24/11/2015 Updated: 01/07/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x prior to 1.0.64, 1.2.x prior to 1.2.54, and 1.4.x prior to 1.4.17 allows remote malicious users to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 15.10
canonical ubuntu linux 15.04
debian debian linux 7.0
debian debian linux 8.0
canonical ubuntu linux 14.04
canonical ubuntu linux 12.04
redhat enterprise linux hpc node eus 7.2
redhat enterprise linux server aus 7.2
redhat enterprise linux server eus 7.2
redhat enterprise linux hpc node 7.0
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0
libpng libpng 1.0.0
libpng libpng 1.0.16
libpng libpng 1.0.17
libpng libpng 1.0.23
libpng libpng 1.0.24
libpng libpng 1.0.1
libpng libpng 1.0.10
libpng libpng 1.0.11
libpng libpng 1.0.18
libpng libpng 1.0.19
libpng libpng 1.0.25
libpng libpng 1.0.26
libpng libpng 1.0.33
libpng libpng 1.0.34
libpng libpng 1.0.42
libpng libpng 1.0.43
libpng libpng 1.0.50
libpng libpng 1.0.51
libpng libpng 1.0.59
libpng libpng 1.0.60
libpng libpng 1.0.6
libpng libpng 1.0.7
libpng libpng 1.2.12
libpng libpng 1.2.13
libpng libpng 1.2.20
libpng libpng 1.2.21
libpng libpng 1.2.28
libpng libpng 1.2.29
libpng libpng 1.2.35
libpng libpng 1.2.36
libpng libpng 1.2.43
libpng libpng 1.2.47
libpng libpng 1.2.48
libpng libpng 1.2.5
libpng libpng 1.2.6
libpng libpng 1.2.7
libpng libpng 1.4.12
libpng libpng 1.4.13
libpng libpng 1.4.5
libpng libpng 1.4.6
libpng libpng 1.0.14
libpng libpng 1.0.15
libpng libpng 1.0.21
libpng libpng 1.0.22
libpng libpng 1.0.29
libpng libpng 1.0.3
libpng libpng 1.0.38
libpng libpng 1.0.39
libpng libpng 1.0.46
libpng libpng 1.0.47
libpng libpng 1.0.54
libpng libpng 1.0.55
libpng libpng 1.0.56
libpng libpng 1.0.63
libpng libpng 1.2.0
libpng libpng 1.2.1
libpng libpng 1.2.16
libpng libpng 1.2.17
libpng libpng 1.2.18
libpng libpng 1.2.24
libpng libpng 1.2.25
libpng libpng 1.2.31
libpng libpng 1.2.32
libpng libpng 1.2.4
libpng libpng 1.2.40
libpng libpng 1.2.45
libpng libpng 1.2.46
libpng libpng 1.2.51
libpng libpng 1.2.52
libpng libpng 1.4.0
libpng libpng 1.4.1
libpng libpng 1.4.16
libpng libpng 1.4.2
libpng libpng 1.4.9
libpng libpng 1.0.30
libpng libpng 1.0.31
libpng libpng 1.0.32
libpng libpng 1.0.40
libpng libpng 1.0.41
libpng libpng 1.0.48
libpng libpng 1.0.5
libpng libpng 1.0.57
libpng libpng 1.0.58
libpng libpng 1.2.10
libpng libpng 1.2.11
libpng libpng 1.2.19
libpng libpng 1.2.2
libpng libpng 1.2.26
libpng libpng 1.2.27
libpng libpng 1.2.33
libpng libpng 1.2.34
libpng libpng 1.2.41
libpng libpng 1.2.42
libpng libpng 1.2.53
libpng libpng 1.4.10
libpng libpng 1.4.11
libpng libpng 1.4.3
libpng libpng 1.4.4
libpng libpng 1.0.12
libpng libpng 1.0.13
libpng libpng 1.0.2
libpng libpng 1.0.20
libpng libpng 1.0.27
libpng libpng 1.0.28
libpng libpng 1.0.35
libpng libpng 1.0.37
libpng libpng 1.0.44
libpng libpng 1.0.45
libpng libpng 1.0.52
libpng libpng 1.0.53
libpng libpng 1.0.61
libpng libpng 1.0.62
libpng libpng 1.0.8
libpng libpng 1.0.9
libpng libpng 1.2.14
libpng libpng 1.2.15
libpng libpng 1.2.22
libpng libpng 1.2.23
libpng libpng 1.2.3
libpng libpng 1.2.30
libpng libpng 1.2.37
libpng libpng 1.2.38
libpng libpng 1.2.39
libpng libpng 1.2.44
libpng libpng 1.2.49
libpng libpng 1.2.50
libpng libpng 1.2.8
libpng libpng 1.2.9
libpng libpng 1.4.14
libpng libpng 1.4.15
libpng libpng 1.4.7
libpng libpng 1.4.8
redhat enterprise linux hpc node 6.0
redhat enterprise linux desktop 6.0
redhat enterprise linux server eus 6.7.z
redhat enterprise linux workstation 6.0
redhat enterprise linux server 6.0

libpng could be made to crash or run programs as your login if it opened a specially crafted file ...

Synopsis Moderate: libpng12 security update Type/Severity Security Advisory: Moderate Topic Updated libpng12 packages that fix three security issues are now availablefor Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having Moderate securityimpact Common Vulnerability Scoring ...

Synopsis Moderate: libpng security update Type/Severity Security Advisory: Moderate Topic Updated libpng packages that fix three security issues are now availablefor Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having Moderate securityimpact Common Vulnerability Scoring Syst ...

Debian Bug report logs - #803078 libpng: CVE-2015-7981: out-of-bound read Package: src:libpng; Maintainer for src:libpng is Anibal Monsalve Salazar <anibal@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 26 Oct 2015 18:06:02 UTC Severity: important Tags: fixed-upstream, patch, security, ...

Debian Bug report logs - #805113 CVE-2015-8126: buffer overflow Package: libpng12-0; Maintainer for libpng12-0 is Anibal Monsalve Salazar <anibal@debianorg>; Source for libpng12-0 is src:libpng (PTS, buildd, popcon) Reported by: Josh Triplett <josh@joshtriplettorg> Date: Sat, 14 Nov 2015 20:57:02 UTC Severity: cri ...

Several vulnerabilities have been discovered in the libpng PNG library The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-7981 Qixue Xiao discovered an out-of-bounds read vulnerability in the png_convert_to_rfc1123 function A remote attacker can potentially take advantage of this flaw to caus ...

It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8 In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads An attacker coul ...

An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image ...

CWE-200 http://sourceforge.net/projects/libpng/files/libpng14/1.4.17/http://sourceforge.net/p/libpng/bugs/241/http://sourceforge.net/projects/libpng/files/libpng10/1.0.64/http://www.openwall.com/lists/oss-security/2015/10/26/1 http://www.debian.org/security/2015/dsa-3399 http://www.openwall.com/lists/oss-security/2015/10/26/3 http://www.ubuntu.com/usn/USN-2815-1 http://sourceforge.net/projects/libpng/files/libpng12/1.2.54/http://rhn.redhat.com/errata/RHSA-2015-2595.html http://rhn.redhat.com/errata/RHSA-2015-2594.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://access.redhat.com/errata/RHSA-2016:1430 http://www.securityfocus.com/bid/77304 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html http://www.securitytracker.com/id/1034393 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html https://security.gentoo.org/glsa/201611-08 https://usn.ubuntu.com/2815-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-7981

Get Started

CVE-2015-7981

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect