Описание
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | uses system libpng |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [uses system libpng]] |
| precise | not-affected | uses system libpng |
| trusty | not-affected | uses system libpng |
| trusty/esm | DNE | trusty was not-affected [uses system libpng] |
| upstream | needs-triage | |
| vivid | not-affected | uses system libpng |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | not-affected | uses system libpng |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | bundles libpng 1.6.18 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [bundles libpng 1.6.18]] |
| precise | not-affected | bundles libpng 1.6.18 |
| trusty | not-affected | bundles libpng 1.6.18 |
| trusty/esm | DNE | trusty was not-affected [bundles libpng 1.6.18] |
| upstream | not-affected | bundles libpng 1.6.18 |
| vivid | not-affected | bundles libpng 1.6.18 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | not-affected | bundles libpng 1.6.18 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.2.54-1 |
| esm-infra-legacy/trusty | not-affected | 1.2.50-1ubuntu2.14.04.1 |
| precise | released | 1.2.46-3ubuntu4.1 |
| trusty | released | 1.2.50-1ubuntu2.14.04.1 |
| trusty/esm | not-affected | 1.2.50-1ubuntu2.14.04.1 |
| upstream | released | 1.2.54beta01 |
| vivid | released | 1.2.51-0ubuntu3.15.04.1 |
| vivid/stable-phone-overlay | released | 1.2.51-0ubuntu3.15.04.2 |
| vivid/ubuntu-core | released | 1.2.51-0ubuntu3.15.04.1 |
| wily | released | 1.2.51-0ubuntu3.15.10.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | bundles libpng 1.6.16 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [bundles libpng 1.6.16]] |
| precise | not-affected | bundles libpng 1.6.16 |
| trusty | not-affected | bundles libpng 1.6.16 |
| trusty/esm | DNE | trusty was not-affected [bundles libpng 1.6.16] |
| upstream | not-affected | bundles libpng 1.6.16 |
| vivid | not-affected | bundles libpng 1.6.16 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | not-affected | bundles libpng 1.6.16 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1. ...
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
EPSS
5 Medium
CVSS2