exploitDog

CVE-2015-8126

Опубликовано: 13 нояб. 2015

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

Ссылки

http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html
Third Party Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*

Версия до 1.0.64 (исключая)

cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*

Версия от 1.1.1 (включая) до 1.2.54 (исключая)

cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*

Версия от 1.3.0 (включая) до 1.4.17 (исключая)

cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*

Версия от 1.5.0 (включая) до 1.5.24 (исключая)

cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*

Версия от 1.6.0 (включая) до 1.6.19 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Конфигурация 7

Одно из

cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update65:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update65:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Конфигурация 8

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Версия до 10.11.4 (исключая)

Конфигурация 9

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05569

Низкий

7.5 High

CVSS2

Дефекты

CWE-120

Связанные уязвимости

CVE-2015-8126

ubuntu

больше 9 лет назад

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

CVE-2015-8126

redhat

больше 9 лет назад

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

CVE-2015-8126

msrc

3 месяца назад

Описание отсутствует

CVE-2015-8126

debian

больше 9 лет назад

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE ...

openSUSE-SU-2016:0105-1

suse-cvrf

больше 9 лет назад

Security update for libpng16

EPSS

Процентиль: 90%

0.05569

Низкий

7.5 High

CVSS2

Дефекты

CWE-120