Vulnerability Details : CVE-2015-8126
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2015-8126
Probability of exploitation activity in the next 30 days: 1.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-8126
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
[email protected] |
CWE ids for CVE-2015-8126
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by: [email protected] (Primary)
References for CVE-2015-8126
-
http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html
Mailing List;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Third Party Advisory
-
http://www.securityfocus.com/bid/77568
Third Party Advisory;VDB Entry
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html
Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2015/11/12/2
Mailing List;Third Party Advisory
-
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html
Third Party Advisory
-
http://www.ubuntu.com/usn/USN-2815-1
Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html
Mailing List;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html
Mailing List;Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html
Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html
Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
Mailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0056.html
Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html
Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html
Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html
Third Party Advisory
-
https://security.gentoo.org/glsa/201611-08
Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html
Third Party Advisory
-
https://support.apple.com/HT206167
Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
Mailing List;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0057.html
Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html
Mailing List;Third Party Advisory
-
http://www.debian.org/security/2016/dsa-3507
Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html
Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html
Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
Mailing List;Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html
Third Party Advisory
-
https://security.gentoo.org/glsa/201603-09
Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html
Mailing List;Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html
Third Party Advisory
-
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Mailing List;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2016:1430
Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html
Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-2596.html
Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html
Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html
Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html
Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html
Mailing List;Third Party Advisory
-
https://code.google.com/p/chromium/issues/detail?id=560291
Issue Tracking;Patch;Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html
Mailing List;Third Party Advisory
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10148
Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
Mailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-2594.html
Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0055.html
Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html
Mailing List;Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html
Third Party Advisory
-
http://www.debian.org/security/2015/dsa-3399
Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-2595.html
Third Party Advisory
-
http://www.securitytracker.com/id/1034142
Third Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html
Mailing List;Third Party Advisory
Products affected by CVE-2015-8126
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update65:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update65:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*