ALT-PU-2015-2068-1
Closed vulnerabilities
Published: 2016-01-21
BDU:2016-01664
Уязвимость библиотеки libpng, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: HIGH (7.5)
References:
Published: 2016-01-21
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-8472
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
Severity: HIGH (7.3)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
- APPLE-SA-2016-03-21-5
- APPLE-SA-2016-03-21-5
- FEDORA-2015-c80ec85542
- FEDORA-2015-c80ec85542
- FEDORA-2015-233750b6ab
- FEDORA-2015-233750b6ab
- FEDORA-2015-4ad4998d00
- FEDORA-2015-4ad4998d00
- SUSE-SU-2016:0256
- SUSE-SU-2016:0256
- openSUSE-SU-2016:0263
- openSUSE-SU-2016:0263
- SUSE-SU-2016:0265
- SUSE-SU-2016:0265
- openSUSE-SU-2016:0268
- openSUSE-SU-2016:0268
- SUSE-SU-2016:0269
- SUSE-SU-2016:0269
- openSUSE-SU-2016:0270
- openSUSE-SU-2016:0270
- openSUSE-SU-2016:0272
- openSUSE-SU-2016:0272
- openSUSE-SU-2016:0279
- openSUSE-SU-2016:0279
- RHSA-2015:2594
- RHSA-2015:2594
- RHSA-2015:2595
- RHSA-2015:2595
- RHSA-2015:2596
- RHSA-2015:2596
- RHSA-2016:0055
- RHSA-2016:0055
- RHSA-2016:0056
- RHSA-2016:0056
- RHSA-2016:0057
- RHSA-2016:0057
- http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/
- http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/
- http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/
- http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/
- http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/
- http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/
- http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/
- http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/
- http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/
- http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/
- DSA-3443
- DSA-3443
- [oss-security] 20151203 Status of CVE-2015-8126: libpng buffer overflow in png_set_PLTE
- [oss-security] 20151203 Status of CVE-2015-8126: libpng buffer overflow in png_set_PLTE
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 78624
- 78624
- RHSA-2016:1430
- RHSA-2016:1430
- https://kc.mcafee.com/corporate/index?page=content&id=SB10148
- https://kc.mcafee.com/corporate/index?page=content&id=SB10148
- https://support.apple.com/HT206167
- https://support.apple.com/HT206167