CVE-2015-7981: Sensitive Information Exposure in Libpng

Severity: 5.0 MEDIUM (NVD)
EPSS: 2.0% (top 16.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 24; latest update May 17

Description

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (6 packages)

Ubuntu: libpng/libpng < 1.2.50-1ubuntu2.14.04.1
NVD: libpng/libpng (132 versions, +131)

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 15.04, 15.10, Enterprise Linux 7.2, 6.7.z

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-fr3h-2jww-582m: The png_convert_to_rfc1123 function in png (2022-05-17)
CVEList: CVE-2015-7981: The png_convert_to_rfc1123 function in png (2015-11-24)
OSV: libpng vulnerabilities (2015-11-19)
OSV: CVE-2015-7981: The png_convert_to_rfc1123 function in png (2015-10-26)

📋 Vendor Advisories (2)

Ubuntu: libpng vulnerabilities (2015-11-19)
Red Hat: libpng: Out-of-bounds read in png_convert_to_rfc1123 (2015-10-22)

💬 Community (4)

Bugzilla: CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123 (2015-10-29)
Bugzilla: CVE-2015-7981 libpng12: libpng: Out-of-bounds read in png_convert_to_rfc1123 [fedora-all] (2015-10-29)
Bugzilla: CVE-2015-7981 libpng10: libpng: Out-of-bounds read in png_convert_to_rfc1123 [epel-6] (2015-10-29)
Bugzilla: CVE-2015-7981 libpng10: libpng: Out-of-bounds read in png_convert_to_rfc1123 [fedora-all] (2015-10-29)