ALT-PU-2015-2157-1

BDU:2016-01652

CRITICAL9.3

Уязвимость библиотеки libpng, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации

Опубликовано: 2016-07-19Изменено: 2021-03-23

CVSS 2.0КРИТИЧЕСКАЯ 9.3

CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C

Ссылки

CVE-2015-8540
FEDORA-2015-3868cfa17b
BID ID:80592

CVE-2015-8540

HIGH8.8

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

Опубликовано: 2016-04-14Изменено: 2025-04-12

CVSS 2.0КРИТИЧЕСКАЯ 9.3

CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ссылки

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html
http://sourceforge.net/p/libpng/bugs/244/
http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/
http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/
http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/
http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/
http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/
http://www.debian.org/security/2016/dsa-3443
http://www.openwall.com/lists/oss-security/2015/12/10/6
http://www.openwall.com/lists/oss-security/2015/12/10/7
http://www.openwall.com/lists/oss-security/2015/12/11/1
http://www.openwall.com/lists/oss-security/2015/12/11/2
http://www.openwall.com/lists/oss-security/2015/12/17/10
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.securityfocus.com/bid/80592
https://access.redhat.com/errata/RHSA-2016:1430
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://security.gentoo.org/glsa/201611-08
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html
http://sourceforge.net/p/libpng/bugs/244/
http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/
http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/
http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/
http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/
http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/
http://www.debian.org/security/2016/dsa-3443
http://www.openwall.com/lists/oss-security/2015/12/10/6
http://www.openwall.com/lists/oss-security/2015/12/10/7
http://www.openwall.com/lists/oss-security/2015/12/11/1
http://www.openwall.com/lists/oss-security/2015/12/11/2
http://www.openwall.com/lists/oss-security/2015/12/17/10
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.securityfocus.com/bid/80592
https://access.redhat.com/errata/RHSA-2016:1430
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://security.gentoo.org/glsa/201611-08

Обновление пакета libpng в ветке sisyphus

Закрытые проблемы (2)

Уязвимость библиотеки libpng, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации