CVE-2015-8540
published 2016-04-14CVE-2015-8540: Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and…
high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
Affected
181 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
| libpng | libpng | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH