Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2015-8540

Published: 14/04/2016 Updated: 07/11/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Enterprise Linux Desktop Supplementary

Vulnerability Summary

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 up to and including 0.99, 1.0.x prior to 1.0.66, 1.1.x and 1.2.x prior to 1.2.56, 1.3.x and 1.4.x prior to 1.4.19, and 1.5.x prior to 1.5.26 allows remote malicious users to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat enterprise linux desktop supplementary 6.0

redhat enterprise linux server supplementary 6.0

redhat enterprise linux hpc node 6.0

redhat enterprise linux workstation supplementary 6.0

redhat enterprise linux server supplementary 5.0

redhat enterprise linux desktop supplementary 5.0

libpng libpng 1.2.14

libpng libpng 1.2.45

libpng libpng 1.2.46

libpng libpng 1.2.33

libpng libpng 1.2.16

libpng libpng 1.2.35

libpng libpng 1.2.29

libpng libpng 1.2.26

libpng libpng 1.2.54

libpng libpng 1.2.7

libpng libpng 1.2.43

libpng libpng 1.2.2

libpng libpng 1.2.4

libpng libpng 1.2.22

libpng libpng 1.2.39

libpng libpng 1.2.48

libpng libpng 1.2.55

libpng libpng 1.2.50

libpng libpng 1.2.44

libpng libpng 1.2.0

libpng libpng 1.2.12

libpng libpng 1.2.47

libpng libpng 1.2.27

libpng libpng 1.2.18

libpng libpng 1.2.21

libpng libpng 1.2.30

libpng libpng 1.2.36

libpng libpng 1.2.20

libpng libpng 1.2.49

libpng libpng 1.2.10

libpng libpng 1.2.38

libpng libpng 1.2.41

libpng libpng 1.2.8

libpng libpng 1.2.32

libpng libpng 1.2.3

libpng libpng 1.2.28

libpng libpng 1.2.15

libpng libpng 1.2.1

libpng libpng 1.2.13

libpng libpng 1.2.17

libpng libpng 1.2.11

libpng libpng 1.2.53

libpng libpng 1.2.23

libpng libpng 1.2.40

libpng libpng 1.2.5

libpng libpng 1.2.34

libpng libpng 1.2.51

libpng libpng 1.2.6

libpng libpng 1.2.31

libpng libpng 1.2.19

libpng libpng 1.2.9

libpng libpng 1.2.52

libpng libpng 1.2.24

libpng libpng 1.2.25

libpng libpng 1.2.37

libpng libpng 1.2.42

libpng libpng 1.1.1

libpng libpng 1.0.37

libpng libpng 1.0.41

libpng libpng 1.0.46

libpng libpng 1.0.65

libpng libpng 1.0.1

libpng libpng 1.0.8

libpng libpng 1.0.55

libpng libpng 1.0.14

libpng libpng 1.0.17

libpng libpng 1.0.35

libpng libpng 1.0.52

libpng libpng 1.0.27

libpng libpng 1.0.22

libpng libpng 1.0.11

libpng libpng 1.0.20

libpng libpng 1.0.9

libpng libpng 1.0.13

libpng libpng 1.0.44

libpng libpng 1.0.6

libpng libpng 1.0.32

libpng libpng 1.0.50

libpng libpng 1.0.57

libpng libpng 1.0.34

libpng libpng 1.0.25

libpng libpng 1.0.21

libpng libpng 1.0.43

libpng libpng 1.0.38

libpng libpng 1.0.3

libpng libpng 1.0.40

libpng libpng 1.0.51

libpng libpng 1.0.18

libpng libpng 1.0.64

libpng libpng 1.0.54

libpng libpng 1.0.7

libpng libpng 1.0.16

libpng libpng 1.0.59

libpng libpng 1.0.2

libpng libpng 1.0.5

libpng libpng 1.0.29

libpng libpng 1.0.56

libpng libpng 1.0.39

libpng libpng 1.0.42

libpng libpng 1.0.24

libpng libpng 1.0.61

libpng libpng 1.0.12

libpng libpng 1.0.15

libpng libpng 1.0.19

libpng libpng 1.0.62

libpng libpng 1.0.28

libpng libpng 1.0.47

libpng libpng 1.0.48

libpng libpng 1.0.45

libpng libpng 1.0.26

libpng libpng 1.0.60

libpng libpng 1.0.33

libpng libpng 1.0.0

libpng libpng 1.0.53

libpng libpng 1.0.23

libpng libpng 1.0.63

libpng libpng 1.0.30

libpng libpng 1.0.10

libpng libpng 1.0.31

libpng libpng 1.0.58

fedoraproject fedora 23

debian debian linux 6.0

libpng libpng 1.4.9

libpng libpng 1.4.12

libpng libpng 1.4.11

libpng libpng 1.4.15

libpng libpng 1.4.4

libpng libpng 1.4.7

libpng libpng 1.4.1

libpng libpng 1.4.10

libpng libpng 1.4.2

libpng libpng 1.4.18

libpng libpng 1.4.0

libpng libpng 1.4.13

libpng libpng 1.4.6

libpng libpng 1.4.5

libpng libpng 1.4.3

libpng libpng 1.4.16

libpng libpng 1.4.8

libpng libpng 1.4.14

libpng libpng 1.4.17

libpng libpng 0.98

libpng libpng 0.95

libpng libpng 0.90

libpng libpng 0.97

libpng libpng 0.99

libpng libpng 0.96

libpng libpng 1.5.14

libpng libpng 1.5.9

libpng libpng 1.5.8

libpng libpng 1.5.23

libpng libpng 1.5.7

libpng libpng 1.5.1

libpng libpng 1.5.6

libpng libpng 1.5.19

libpng libpng 1.5.3

libpng libpng 1.5.12

libpng libpng 1.5.11

libpng libpng 1.5.21

libpng libpng 1.5.20

libpng libpng 1.5.4

libpng libpng 1.5.5

libpng libpng 1.5.10

libpng libpng 1.5.15

libpng libpng 1.5.17

libpng libpng 1.5.0

libpng libpng 1.5.13

libpng libpng 1.5.2

libpng libpng 1.5.22

libpng libpng 1.5.18

libpng libpng 1.5.24

libpng libpng 1.5.16

libpng libpng 1.5.25

libpng libpng 1.3.0

Vendor Advisories

Ubuntu Security Notice: libpng vulnerabilities
libpng could be made to crash or run programs as your login if it opened a specially crafted file ...
Debian CVElist Bug Report Logs: libpng: Incomplete fix for CVE-2015-8126
Debian Bug report logs - #807112 libpng: Incomplete fix for CVE-2015-8126 Package: src:libpng; Maintainer for src:libpng is Anibal Monsalve Salazar <anibal@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 5 Dec 2015 13:27:02 UTC Severity: serious Tags: fixed-upstream, security, upstream ...
Debian CVElist Bug Report Logs: libpng: CVE-2015-8540: read underflow in libpng
Debian Bug report logs - #807694 libpng: CVE-2015-8540: read underflow in libpng Package: src:libpng; Maintainer for src:libpng is Anibal Monsalve Salazar <anibal@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 11 Dec 2015 16:48:01 UTC Severity: serious Tags: fixed-upstream, jessie, patc ...
Debian Security Advisories: DSA-3443-1 libpng -- security update
Several vulnerabilities have been discovered in the libpng PNG library The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8472 It was discovered that the original fix for CVE-2015-8126 was incomplete and did not detect a potential overrun by applications using png_set_PLTE directly A remo ...
Amazon Linux 2: ALAS2-2023-1904
Integer underflow in the png_check_keyword function in pngwutilc in libpng 090 through 099, 10x before 1066, 11x and 12x before 1256, 13x and 14x before 1419, and 15x before 1526 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read (CVE-201 ...

References

CWE-189http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/http://www.openwall.com/lists/oss-security/2015/12/10/7http://www.openwall.com/lists/oss-security/2015/12/11/2http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/http://sourceforge.net/p/libpng/bugs/244/http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.htmlhttp://sourceforge.net/projects/libpng/files/libpng15/1.5.26/http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/http://www.securityfocus.com/bid/80592http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/http://www.openwall.com/lists/oss-security/2015/12/10/6http://www.openwall.com/lists/oss-security/2015/12/17/10http://www.openwall.com/lists/oss-security/2015/12/11/1http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlhttps://access.redhat.com/errata/RHSA-2016:1430https://security.gentoo.org/glsa/201611-08http://www.debian.org/security/2016/dsa-3443https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Ehttps://usn.ubuntu.com/2861-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook