ALT Linux Team

Package libpng update in sisyphus on 2015-12-21

ALT-PU-2015-2157-1

Package libpng updated to version 1.5.26-alt1 for branch sisyphus in task 155149.

Closed vulnerabilities

Published: 2016-04-14

BDU:2016-01652

Уязвимость библиотеки libpng, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации

Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
References:
Published: 2016-04-14
Modified: 2025-04-12

CVE-2015-8540

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top