Описание
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | uses system libpng |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [uses system libpng]] |
| precise | not-affected | uses system libpng |
| trusty | not-affected | uses system libpng |
| trusty/esm | DNE | trusty was not-affected [uses system libpng] |
| upstream | needs-triage | |
| vivid | not-affected | uses system libpng |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | not-affected | uses system libpng |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | bundles libpng 1.6.18 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [bundles libpng 1.6.18]] |
| precise | not-affected | bundles libpng 1.6.18 |
| trusty | not-affected | bundles libpng 1.6.18 |
| trusty/esm | DNE | trusty was not-affected [bundles libpng 1.6.18] |
| upstream | not-affected | bundles libpng 1.6.18 |
| vivid | not-affected | bundles libpng 1.6.18 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | not-affected | bundles libpng 1.6.18 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.2.54-1ubuntu1 |
| esm-infra-legacy/trusty | released | 1.2.50-1ubuntu2.14.04.2 |
| precise | released | 1.2.46-3ubuntu4.2 |
| trusty | released | 1.2.50-1ubuntu2.14.04.2 |
| trusty/esm | released | 1.2.50-1ubuntu2.14.04.2 |
| upstream | pending | 1.0.66, 1.2.56, 1.4.19, and 1.5.26 |
| vivid | released | 1.2.51-0ubuntu3.15.04.2 |
| vivid/stable-phone-overlay | released | 1.2.51-0ubuntu3.15.04.2 |
| vivid/ubuntu-core | released | 1.2.51-0ubuntu3.15.04.2 |
| wily | released | 1.2.51-0ubuntu3.15.10.2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | bundles libpng 1.6.16 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [bundles libpng 1.6.16]] |
| precise | not-affected | bundles libpng 1.6.16 |
| trusty | not-affected | bundles libpng 1.6.16 |
| trusty/esm | DNE | trusty was not-affected [bundles libpng 1.6.16] |
| upstream | not-affected | bundles libpng 1.6.16 |
| vivid | not-affected | bundles libpng 1.6.16 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | not-affected | bundles libpng 1.6.16 |
Показывать по
9.3 Critical
CVSS2
8.8 High
CVSS3
Связанные уязвимости
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
Integer underflow in the png_check_keyword function in pngwutil.c in l ...
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
Уязвимость библиотеки libpng, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
9.3 Critical
CVSS2
8.8 High
CVSS3