CVE-2015-0973 — Heap-based Buffer Overflow in Libpng

CWE-122 — Heap-based Buffer Overflow CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120 — Classic Buffer Overflow9 documents9 sources

Severity

8.8HIGHNVD

EPSS

2.0%

top 16.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Libpng Oracle Solaris

Timeline

PublishedJan 18

Latest updateMay 17

Description

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDlibpng/libpng1.5.20+16

▶NVDapple/mac_os_x10.11.3

▶NVDoracle/solaris11.2

🔴Vulnerability Details

GHSA

GHSA-5gg5-9r5r-wpgh: Buffer overflow in the png_read_IDAT_data function in pngrutil↗2022-05-17

▶

OSV

CVE-2015-0973: Buffer overflow in the png_read_IDAT_data function in pngrutil↗2015-01-18

▶

CVEList

CVE-2015-0973: Buffer overflow in the png_read_IDAT_data function in pngrutil↗2015-01-18

▶

📋Vendor Advisories

Android

CVE-2015-0973: Android Security Bulletin 2015-08-01 CVE: CVE-2015-0973 Severity: HIGH Affected AOSP versions: 5↗2015-08-01

▶

Debian

CVE-2015-0973: libpng1.6 - Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng befor...↗2015

▶

Red Hat

libpng: Heap-buffer overflow png_combine_row() with very wide interlaced images↗2014-12-22

▶

Apple

CVE-2015-0973: OS X El Capitan v10.11.4 and Security Update 2016-002↗

▶

💬Community

Bugzilla

CVE-2015-0973 libpng: Heap-buffer overflow png_combine_row() with very wide interlaced images↗2014-12-26

▶