Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng prior to 1.0.64, 1.1.x and 1.2.x prior to 1.2.54, 1.3.x and 1.4.x prior to 1.4.17, 1.5.x prior to 1.5.24, and 1.6.x prior to 1.6.19 allow remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
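The description ties the overflow to a small bit depth in IHDR. For an indexed-colour PNG the bit depth caps the palette at 2^bit_depth entries, so a PLTE chunk carrying more entries than that is the input shape worth flagging before a file reaches an unpatched decoder. The following triage check is an added example, not libpng code or part of the original advisory; the function names and sample streams are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
PALETTE = 3          # IHDR colour type for indexed-colour images
MAX_PLTE = 256       # PNG's upper bound on palette entries

def chunk(ctype, data):
    """Serialize one chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def ihdr(bit_depth, color_type):
    """1x1 IHDR; only bit depth and colour type matter to this check."""
    return chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, bit_depth, color_type, 0, 0, 0))

def check_palette(png):
    """Return 'ok', 'malformed' or 'oversized-palette'. CRCs are not verified."""
    if not png.startswith(PNG_SIG):
        return "malformed"
    pos, bit_depth, color_type = len(PNG_SIG), None, None
    while pos < len(png):
        if pos + 12 > len(png):
            return "malformed"
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        if pos + 12 + length > len(png):
            return "malformed"
        data = png[pos + 8:pos + 8 + length]
        if ctype == b"IHDR":
            if length != 13:
                return "malformed"
            bit_depth, color_type = data[8], data[9]
            if color_type == PALETTE and bit_depth not in (1, 2, 4, 8):
                return "malformed"
        elif ctype == b"PLTE":
            if bit_depth is None or length == 0 or length % 3:
                return "malformed"
            limit = (1 << bit_depth) if color_type == PALETTE else MAX_PLTE
            if length // 3 > limit:
                return "oversized-palette"
        elif ctype == b"IEND":
            return "ok" if bit_depth is not None else "malformed"
        pos += 12 + length
    return "malformed"  # data ended before IEND

# Constructed samples: header-only streams (no IDAT), enough to exercise the check.
SAMPLE_OK = PNG_SIG + ihdr(2, PALETTE) + chunk(b"PLTE", bytes(12)) + chunk(b"IEND", b"")
SAMPLE_BAD = PNG_SIG + ihdr(1, PALETTE) + chunk(b"PLTE", bytes(12)) + chunk(b"IEND", b"")
```

`check_palette(SAMPLE_OK)` returns `ok` (4 entries at bit depth 2) and `check_palette(SAMPLE_BAD)` returns `oversized-palette` (4 entries at bit depth 1, where only 2 fit).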
Vulnerable Product |
---|
libpng libpng |
fedoraproject fedora 22 |
fedoraproject fedora 23 |
fedoraproject fedora 21 |
suse linux enterprise desktop 11 |
suse linux enterprise server 12 |
suse linux enterprise desktop 12 |
opensuse leap 42.1 |
opensuse opensuse 13.1 |
opensuse opensuse 13.2 |
debian debian linux 8.0 |
debian debian linux 7.0 |
debian debian linux 9.0 |
redhat enterprise linux desktop 7.0 |
redhat enterprise linux server aus 7.2 |
redhat enterprise linux workstation 7.0 |
redhat satellite 5.7 |
redhat enterprise linux server tus 7.2 |
redhat enterprise linux server 7.0 |
redhat enterprise linux eus 6.7 |
redhat enterprise linux desktop 6.0 |
redhat enterprise linux server 6.0 |
redhat enterprise linux workstation 6.0 |
redhat enterprise linux eus 7.2 |
redhat enterprise linux eus 7.3 |
redhat enterprise linux eus 7.4 |
redhat enterprise linux eus 7.5 |
redhat enterprise linux eus 7.6 |
redhat enterprise linux eus 7.7 |
redhat enterprise linux server aus 7.3 |
redhat enterprise linux server aus 7.4 |
redhat enterprise linux server aus 7.6 |
redhat enterprise linux server aus 7.7 |
redhat enterprise linux server tus 7.3 |
redhat enterprise linux server tus 7.6 |
redhat enterprise linux server tus 7.7 |
redhat satellite 5.6 |
oracle solaris 11.3 |
oracle linux 6 |
oracle linux 7 |
oracle jdk 1.8.0 |
oracle jdk 1.6.0 |
oracle jdk 1.7.0 |
oracle jre 1.6.0 |
oracle jre 1.7.0 |
oracle jre 1.8.0 |
apple mac os x |
canonical ubuntu linux 15.10 |
canonical ubuntu linux 15.04 |
canonical ubuntu linux 12.04 |
canonical ubuntu linux 14.04 |

Big Red helpfully (?) only reveals the reasons for patches to those with support deals
Oracle has just pushed out its quarterly batch of critical patches, so sysadmins had best get busy. The bug-splat haul covers a record-setting 248 individual fixes, with the full list here. The Oracle E-Business Suite gets the biggest serve, with a whopping 78 bugs patched, 68 of which are remotely exploitable without authentication. As always, there's Java fixes in the mix: eight patches, of which seven are fixing remotely-exploitable no-authentication-needed vulnerabilities. Four are client-on...