Versio.io

CVE-2015-8126

Common vulnerabilities & exposures (CVE)

Published at: 13-11-2015 04:59
Last modified: 13-05-2022 04:57
Total changes: 2

Description

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Attack complexity: Low
Attack vector: Network
Availability: Low
Confidentiality: Low
Integrity: Low
Privileges required: -
Scope: -
User interaction: -
Base score: 7.5
Exploitability score: 10.0
Impact score: 6.4
 

Verification logic

OR
OR
vendor=libpng AND product=libpng AND versionStartIncluding=1.6.0 AND versionEndExcluding=1.6.19
vendor=libpng AND product=libpng AND versionStartIncluding=1.5.0 AND versionEndExcluding=1.5.24
vendor=libpng AND product=libpng AND versionStartIncluding=1.3.0 AND versionEndExcluding=1.4.17
vendor=libpng AND product=libpng AND versionStartIncluding=1.1.1 AND versionEndExcluding=1.2.54
vendor=libpng AND product=libpng AND versionEndExcluding=1.0.64
OR
vendor=fedoraproject AND product=fedora AND version=22
vendor=fedoraproject AND product=fedora AND version=23
vendor=fedoraproject AND product=fedora AND version=21
OR
vendor=suse AND product=linux_enterprise_desktop AND version=11 AND update=sp3
vendor=suse AND product=linux_enterprise_desktop AND version=11 AND update=sp4
vendor=suse AND product=linux_enterprise_server AND version=12 AND update=sp1
vendor=suse AND product=linux_enterprise_desktop AND version=12 AND update=sp1
vendor=opensuse AND product=leap AND version=42.1
vendor=opensuse AND product=opensuse AND version=13.1
vendor=opensuse AND product=opensuse AND version=13.2
vendor=suse AND product=linux_enterprise_server AND version=12 AND update=-
vendor=suse AND product=linux_enterprise_desktop AND version=12 AND update=-
OR
vendor=Debian AND product=debian_linux AND version=8.0
vendor=Debian AND product=debian_linux AND version=7.0
vendor=Debian AND product=debian_linux AND version=9.0
OR
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_desktop AND version=7.0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=7.2
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_workstation AND version=7.0
vendor=Red Hat Enterprise Linux AND product=satellite AND version=5.7
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_tus AND version=7.2
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server AND version=7.0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_eus AND version=6.7
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_desktop AND version=6.0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server AND version=6.0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_workstation AND version=6.0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_eus AND version=7.2
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_eus AND version=7.3
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_eus AND version=7.4
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_eus AND version=7.5
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_eus AND version=7.6
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_eus AND version=7.7
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=7.3
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=7.4
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=7.6
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=7.7
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_tus AND version=7.3
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_tus AND version=7.6
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_tus AND version=7.7
AND
OR
vendor=Red Hat Enterprise Linux AND product=satellite AND version=5.6
OR
vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=6.0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=5.0
OR
vendor=oracle AND product=solaris AND version=11.3
vendor=oracle AND product=linux AND version=6 AND update=-
vendor=oracle AND product=linux AND version=7 AND update=-
vendor=oracle AND product=jdk AND version=1.8.0 AND update=update65
vendor=oracle AND product=jdk AND version=1.8.0 AND update=update66
vendor=oracle AND product=jdk AND version=1.6.0 AND update=update105
vendor=oracle AND product=jdk AND version=1.7.0 AND update=update91
vendor=oracle AND product=jre AND version=1.6.0 AND update=update105
vendor=oracle AND product=jre AND version=1.7.0 AND update=update91
vendor=oracle AND product=jre AND version=1.8.0 AND update=update66
vendor=oracle AND product=jre AND version=1.8.0 AND update=update65
OR
vendor=apple AND product=mac_os_x AND versionEndExcluding=10.11.4
OR
vendor=canonical AND product=ubuntu_linux AND version=15.10
vendor=canonical AND product=ubuntu_linux AND version=15.04
vendor=canonical AND product=ubuntu_linux AND version=12.04 AND software_edition=esm
vendor=canonical AND product=ubuntu_linux AND version=14.04 AND software_edition=esm
 

Keywords

NVD, CVE-2015-8126, CVE, Common vulnerabilities & exposures, CVSS, Common vulnerability scoring system, Security, Vulnerabilities, Exposures
