Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
History
13 May 2022, 14:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:jre:1.8.0:update_65:*:*:*:*:*:* cpe:2.3:a:oracle:jdk:1.6.0:update_105:*:*:*:*:*:* cpe:2.3:a:oracle:jre:1.6.0:update_105:*:*:*:*:*:* cpe:2.3:a:oracle:jre:1.8.0:update_66:*:*:*:*:*:* cpe:2.3:a:oracle:jdk:1.7.0:update_91:*:*:*:*:*:* |
cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:* cpe:2.3:a:oracle:jre:1.8.0:update65:*:*:*:*:*:* cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:* cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:* cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:* cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:* |
Information
Published : 2015-11-13 03:59
Updated : 2024-02-04 18:53
NVD link : CVE-2015-8126
Mitre link : CVE-2015-8126
CVE.ORG link : CVE-2015-8126
JSON object : View
Products Affected
redhat
- enterprise_linux_server
- enterprise_linux_workstation
- satellite
- enterprise_linux_server_tus
- enterprise_linux_eus
- enterprise_linux_server_aus
- enterprise_linux
- enterprise_linux_desktop
oracle
- jre
- jdk
- linux
- solaris
opensuse
- opensuse
- leap
fedoraproject
- fedora
apple
- mac_os_x
canonical
- ubuntu_linux
debian
- debian_linux
suse
- linux_enterprise_desktop
- linux_enterprise_server
libpng
- libpng
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')