National Vulnerability Database

CVE-2015-8126 Detail

Description

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

Source: MITRE
Last Modified: 11/12/2015

Quick Info

CVE Dictionary Entry: CVE-2015-8126
Original release date: 11/12/2015
Last revised: 06/30/2017
Source: US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 HIGH
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Impact Subscore: 6.4
Exploitability Subscore: 10.0

CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

Hyperlink Resource Type Source Name
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html External Source CONFIRM http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html External Source APPLE APPLE-SA-2016-03-21-5
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html External Source FEDORA FEDORA-2015-5e52306c9c
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html External Source FEDORA FEDORA-2015-1d87313b7c
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html External Source FEDORA FEDORA-2015-ec2ddd15d7
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html External Source FEDORA FEDORA-2015-501493d853
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html External Source FEDORA FEDORA-2015-13668fff74
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html External Source FEDORA FEDORA-2015-97fc1797fa
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html External Source FEDORA FEDORA-2015-8a1243db75
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html External Source FEDORA FEDORA-2016-9a1c707b10
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html External Source FEDORA FEDORA-2016-43735c33a7
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html External Source FEDORA FEDORA-2015-c80ec85542
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html External Source FEDORA FEDORA-2015-233750b6ab
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html External Source FEDORA FEDORA-2015-4ad4998d00
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html External Source SUSE openSUSE-SU-2015:2099
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html External Source SUSE openSUSE-SU-2015:2100
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html External Source SUSE SUSE-SU-2016:0256
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html External Source SUSE openSUSE-SU-2016:0263
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html External Source SUSE SUSE-SU-2016:0265
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html External Source SUSE openSUSE-SU-2016:0268
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html External Source SUSE SUSE-SU-2016:0269
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html External Source SUSE openSUSE-SU-2016:0270
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html External Source SUSE openSUSE-SU-2016:0272
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html External Source SUSE openSUSE-SU-2016:0279
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html External Source SUSE openSUSE-SU-2016:0664
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html External Source SUSE SUSE-SU-2016:0665
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html External Source SUSE openSUSE-SU-2016:0684
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html External Source SUSE openSUSE-SU-2016:0729
http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html External Source SUSE openSUSE-SU-2015:2135
http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html External Source SUSE openSUSE-SU-2015:2136
http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html External Source SUSE openSUSE-SU-2015:2262
http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html External Source SUSE openSUSE-SU-2015:2263
http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html External Source SUSE openSUSE-SU-2016:0103
http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html External Source SUSE openSUSE-SU-2016:0104
http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html External Source SUSE openSUSE-SU-2016:0105
http://rhn.redhat.com/errata/RHSA-2015-2594.html External Source REDHAT RHSA-2015:2594
http://rhn.redhat.com/errata/RHSA-2015-2595.html External Source REDHAT RHSA-2015:2595
http://rhn.redhat.com/errata/RHSA-2015-2596.html External Source REDHAT RHSA-2015:2596
http://rhn.redhat.com/errata/RHSA-2016-0055.html External Source REDHAT RHSA-2016:0055
http://rhn.redhat.com/errata/RHSA-2016-0056.html External Source REDHAT RHSA-2016:0056
http://rhn.redhat.com/errata/RHSA-2016-0057.html External Source REDHAT RHSA-2016:0057
http://www.debian.org/security/2015/dsa-3399 External Source DEBIAN DSA-3399
http://www.debian.org/security/2016/dsa-3507 External Source DEBIAN DSA-3507
http://www.openwall.com/lists/oss-security/2015/11/12/2 External Source MLIST [oss-security] 20151112 CVE request: libpng buffer overflow in png_set_PLTE
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/77568 External Source BID 77568
http://www.securitytracker.com/id/1034142 External Source SECTRACK 1034142
http://www.ubuntu.com/usn/USN-2815-1 External Source UBUNTU USN-2815-1
https://access.redhat.com/errata/RHSA-2016:1430 External Source REDHAT RHSA-2016:1430
https://code.google.com/p/chromium/issues/detail?id=560291 External Source CONFIRM https://code.google.com/p/chromium/issues/detail?id=560291
https://kc.mcafee.com/corporate/index?page=content&id=SB10148 External Source CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10148
https://security.gentoo.org/glsa/201603-09 External Source GENTOO GLSA-201603-09
https://security.gentoo.org/glsa/201611-08 External Source GENTOO GLSA-201611-08
https://support.apple.com/HT206167 Vendor Advisory External Source CONFIRM https://support.apple.com/HT206167

Technical Details

Vulnerability Type

Change History: 15 change records found