CVE-2015-8126

Published: 13/11/2015 Updated: 13/05/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng prior to 1.0.64, 1.1.x and 1.2.x prior to 1.2.54, 1.3.x and 1.4.x prior to 1.4.17, 1.5.x prior to 1.5.24, and 1.6.x prior to 1.6.19 allow remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

Vulnerable Product

libpng libpng

fedoraproject fedora 22

fedoraproject fedora 23

fedoraproject fedora 21

suse linux enterprise desktop 11

suse linux enterprise server 12

suse linux enterprise desktop 12

opensuse leap 42.1

opensuse opensuse 13.1

opensuse opensuse 13.2

debian debian linux 8.0

debian debian linux 7.0

debian debian linux 9.0

redhat enterprise linux desktop 7.0

redhat enterprise linux server aus 7.2

redhat enterprise linux workstation 7.0

redhat satellite 5.7

redhat enterprise linux server tus 7.2

redhat enterprise linux server 7.0

redhat enterprise linux eus 6.7

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux eus 7.2

redhat enterprise linux eus 7.3

redhat enterprise linux eus 7.4

redhat enterprise linux eus 7.5

redhat enterprise linux eus 7.6

redhat enterprise linux eus 7.7

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux server aus 7.6

redhat enterprise linux server aus 7.7

redhat enterprise linux server tus 7.3

redhat enterprise linux server tus 7.6

redhat enterprise linux server tus 7.7

redhat satellite 5.6

oracle solaris 11.3

oracle linux 6

oracle linux 7

oracle jdk 1.8.0

oracle jdk 1.6.0

oracle jdk 1.7.0

oracle jre 1.6.0

oracle jre 1.7.0

oracle jre 1.8.0

apple mac os x

canonical ubuntu linux 15.10

canonical ubuntu linux 15.04

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

Vendor Advisories

libpng could be made to crash or run programs as your login if it opened a specially crafted file ...
Synopsis: Moderate: libpng12 security update. Type/Severity: Security Advisory: Moderate. Topic: Updated libpng12 packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring ...
Synopsis: Moderate: libpng security update. Type/Severity: Security Advisory: Moderate. Topic: Updated libpng packages that fix three security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring Syst ...
Synopsis: Moderate: libpng security update. Type/Severity: Security Advisory: Moderate. Topic: Updated libpng packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring Syste ...
Debian Bug report logs - #807112 libpng: Incomplete fix for CVE-2015-8126. Package: src:libpng; Maintainer for src:libpng is Anibal Monsalve Salazar <anibal@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 5 Dec 2015 13:27:02 UTC; Severity: serious; Tags: fixed-upstream, security, upstream ...
Debian Bug report logs - #803078 libpng: CVE-2015-7981: out-of-bound read. Package: src:libpng; Maintainer for src:libpng is Anibal Monsalve Salazar <anibal@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 26 Oct 2015 18:06:02 UTC; Severity: important; Tags: fixed-upstream, patch, security, ...
Debian Bug report logs - #805113 CVE-2015-8126: buffer overflow. Package: libpng12-0; Maintainer for libpng12-0 is Anibal Monsalve Salazar <anibal@debian.org>; Source for libpng12-0 is src:libpng (PTS, buildd, popcon); Reported by: Josh Triplett <josh@joshtriplett.org>; Date: Sat, 14 Nov 2015 20:57:02 UTC; Severity: cri ...
Several vulnerabilities have been discovered in the libpng PNG library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8472: It was discovered that the original fix for CVE-2015-8126 was incomplete and did not detect a potential overrun by applications using png_set_PLTE directly. A remo ...
Several vulnerabilities have been discovered in the libpng PNG library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-7981: Qixue Xiao discovered an out-of-bounds read vulnerability in the png_convert_to_rfc1123 function. A remote attacker can potentially take advantage of this flaw to caus ...
Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19, allowing remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value ...
It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker coul ...

Github Repositories

Audit C/C++ projects (make, cmake, command line, etc.)

cheque: Like wearing a toque in the winter, ensuring your software is secure should be second nature, eh. Cheque helps you by finding all libraries used by your C/C++ projects, from A to Zed, and retrieving known vulnerabilities from OSS Index. This process saves you a significant amount of labour and time, which is much better spent playing hockey, slamming back a two-four, dri

Recent Articles

Oracle drops 248 – count 'em – 248 patches, to fix ... something
The Register • Richard Chirgwin • 20 Jan 2016

Big Red helpfully (?) only reveals the reasons for patches to those with support deals

Oracle has just pushed out its quarterly batch of critical patches, so sysadmins had best get busy. The bug-splat haul covers a record-setting 248 individual fixes, with the full list here. The Oracle E-Business Suite gets the biggest serve, with a whopping 78 bugs patched, 68 of which are remotely exploitable without authentication. As always, there's Java fixes in the mix: eight patches, of which seven are fixing remotely-exploitable no-authentication-needed vulnerabilities. Four are client-on...

References

CWE-120
http://www.openwall.com/lists/oss-security/2015/11/12/2
http://www.debian.org/security/2015/dsa-3399
http://www.ubuntu.com/usn/USN-2815-1
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
https://code.google.com/p/chromium/issues/detail?id=560291
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html
https://support.apple.com/HT206167
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html
http://rhn.redhat.com/errata/RHSA-2015-2596.html
http://rhn.redhat.com/errata/RHSA-2015-2595.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html
http://rhn.redhat.com/errata/RHSA-2015-2594.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://access.redhat.com/errata/RHSA-2016:1430
http://www.securityfocus.com/bid/77568
https://security.gentoo.org/glsa/201603-09
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html
http://www.debian.org/security/2016/dsa-3507
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10148
http://rhn.redhat.com/errata/RHSA-2016-0057.html
http://rhn.redhat.com/errata/RHSA-2016-0056.html
http://rhn.redhat.com/errata/RHSA-2016-0055.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html
http://www.securitytracker.com/id/1034142
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html
https://security.gentoo.org/glsa/201611-08
https://usn.ubuntu.com/2815-1/
https://nvd.nist.gov
https://access.redhat.com/security/cve/cve-2015-8126