CVE-2015-8126 — Classic Buffer Overflow in Libpng
Severity
7.5 HIGH (NVD)
EPSS
7.5%
top 8.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 13
Latest update: May 13
Description
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
CVSS vector
AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4
Affected Packages: 15 packages
Also affects: Debian Linux 7.0, 8.0, 9.0, Fedora 21, 22, 23, Ubuntu Linux 12.04, 14.04, 15.04, 15.10, Enterprise Linux 6.7, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7
Patches
Vulnerability Details (3)
GHSA
GHSA-rr6q-q2jh-948f: Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1 (2022-05-13)
CVEList
CVE-2015-8126: Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1 (2015-11-13)
OSV
CVE-2015-8126: Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1 (2015-11-12)
Vendor Advisories (4)
Community (8)
Bugzilla
CVE-2015-8126 libpng15: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [fedora-all] (2015-11-17)
Bugzilla
CVE-2015-8126 libpng12: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [fedora-all] (2015-11-17)
Bugzilla
CVE-2015-8126 libpng10: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [fedora-all] (2015-11-14)
Bugzilla
CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (2015-11-13)
Bugzilla
CVE-2015-8126 libpng10: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [epel-6] (2015-11-13)