CVE-2015-2158 — Off-by-one Error in Project Pngcrush

CWE-189 CWE-193 — Off-by-one Error CWE-787 — Out-of-bounds Write9 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 38.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pngcrush Project Pngcrush Debian Pngcrush Msrc Azl3 Fltk 1.3.8-1 ON Azure Linux 3.0 +7 more

Timeline

PublishedOct 6

Latest updateMay 17

Description

Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

▶NVDpngcrush_project/pngcrush1.7.83

▶debiandebian/pngcrush

▶msrcmsrc/azl3_fltk_1.3.8-1_on_azure_linux_3.0

▶msrcmsrc/azl3_teckit_2.5.12-4_on_azure_linux_3.0

▶msrcmsrc/cbl2_cmake_3.21.4-17_on_cbl_mariner_2.0

Patches

Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-qm7x-p4cx-r7pj: Off-by-one error in the pngcrush_measure_idat function in pngcrush↗2022-05-17

▶

📋Vendor Advisories

Microsoft

Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service↗2017-10-10

▶

Red Hat

pngcrush: pngcrush_measure_idat() off-by-one error↗2015-01-28

▶

Debian

CVE-2015-2158: pngcrush - Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush...↗2015

▶

💬Community

HackerOne

pngcrush_measure_idat() off-by-one error (CVE-2015-2158)↗2019-10-04

▶

Bugzilla

CVE-2015-2158 pngcrush: buffer overflow potentially leading to code execution [fedora-all]↗2015-03-03

▶

Bugzilla

CVE-2015-2158 pngcrush: buffer overflow potentially leading to code execution [epel-all]↗2015-03-03

▶

Bugzilla

CVE-2015-2158 pngcrush: pngcrush_measure_idat() off-by-one error↗2015-03-03

▶