Vulnerability Details : CVE-2015-8126
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2015-8126
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update65:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update65:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Threat overview for CVE-2015-8126
Top countries where our scanners detected CVE-2015-8126
Top open port discovered on systems with this issue
80
IPs affected by CVE-2015-8126 2,326
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2015-8126!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2015-8126
2.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-8126
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2015-8126
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8126
-
http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html
openSUSE-SU-2015:2263-1: moderate: Security update for libpng12Mailing List;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Oracle Critical Patch Update - January 2016Third Party Advisory
-
http://www.securityfocus.com/bid/77568
libpng CVE-2015-8126 Multiple Heap Based Buffer Overflow VulnerabilitiesThird Party Advisory;VDB Entry
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html
[SECURITY] Fedora 22 Update: libpng10-1.0.64-1.fc22Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2015/11/12/2
oss-security - CVE request: libpng buffer overflow in png_set_PLTEMailing List;Third Party Advisory
-
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html
Chrome Releases: Stable Channel UpdateThird Party Advisory
-
http://www.ubuntu.com/usn/USN-2815-1
USN-2815-1: libpng vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
[security-announce] SUSE-SU-2016:0269-1: critical: Security update for jMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
[security-announce] SUSE-SU-2016:0265-1: critical: Security update for jMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html
[security-announce] openSUSE-SU-2016:0729-1: important: Security updateMailing List;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Oracle Solaris Bulletin - July 2016Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html
[security-announce] openSUSE-SU-2016:0664-1: important: Security updateMailing List;Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html
[SECURITY] Fedora 23 Update: libpng10-1.0.64-1.fc23Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html
openSUSE-SU-2016:0103-1: moderate: Security update for libpng12Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
[security-announce] SUSE-SU-2016:0256-1: critical: Security update for jMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0056.html
RHSA-2016:0056 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html
[SECURITY] Fedora 23 Update: libpng15-1.5.25-1.fc23Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html
[SECURITY] Fedora 23 Update: mingw-libpng-1.6.19-1.fc23Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html
[SECURITY] Fedora 21 Update: libpng10-1.0.64-1.fc21Third Party Advisory
-
https://security.gentoo.org/glsa/201611-08
libpng: Multiple vulnerabilities (GLSA 201611-08) — Gentoo securityThird Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html
[SECURITY] Fedora 23 Update: libpng-1.6.17-4.fc23Third Party Advisory
-
https://support.apple.com/HT206167
About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 - Apple SupportThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
[security-announce] openSUSE-SU-2016:0279-1: critical: Security update fMailing List;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Oracle Linux Bulletin - October 2015Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0057.html
RHSA-2016:0057 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
[security-announce] openSUSE-SU-2016:0268-1: critical: Security update fMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html
[security-announce] openSUSE-SU-2015:2100-1: important: Security updateMailing List;Third Party Advisory
-
http://www.debian.org/security/2016/dsa-3507
Debian -- Security Information -- DSA-3507-1 chromium-browserThird Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html
[SECURITY] Fedora 22 Update: mingw-libpng-1.6.19-1.fc22Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html
openSUSE-SU-2016:0104-1: moderate: Security update for libpng15Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
[security-announce] openSUSE-SU-2016:0270-1: critical: Security update fMailing List;Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html
[SECURITY] Fedora 22 Update: libpng15-1.5.25-1.fc22Third Party Advisory
-
https://security.gentoo.org/glsa/201603-09
Chromium: Multiple vulnerabilities (GLSA 201603-09) — Gentoo securityThird Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html
openSUSE-SU-2015:2262-1: moderate: Security update for libpng16Mailing List;Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html
[SECURITY] Fedora 21 Update: mingw-libpng-1.6.19-1.fc21Third Party Advisory
-
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2016:1430
RHSA-2016:1430 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html
[SECURITY] Fedora 22 Update: mingw-libpng-1.6.21-1.fc22Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-2596.html
RHSA-2015:2596 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html
[SECURITY] Fedora 23 Update: libpng-1.6.17-3.fc23Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html
[security-announce] openSUSE-SU-2016:0684-1: important: Security updateMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html
openSUSE-SU-2015:2135-1: moderate: Security update for libpng16Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html
[security-announce] openSUSE-SU-2015:2099-1: important: Security updateMailing List;Third Party Advisory
-
https://code.google.com/p/chromium/issues/detail?id=560291
560291 - Security: security vulnerabilities in libpng (CVE-2015-7981, CVE-2015-8126) - chromium - MonorailIssue Tracking;Patch;Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html
openSUSE-SU-2016:0105-1: moderate: Security update for libpng16Mailing List;Third Party Advisory
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10148
McAfee Security Bulletin: ePolicy Orchestrator update fixes multiple Oracle Java vulnerabilitiesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
[security-announce] openSUSE-SU-2016:0272-1: important: Security updateMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-2594.html
RHSA-2015:2594 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0055.html
RHSA-2016:0055 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html
openSUSE-SU-2015:2136-1: moderate: Security update for libpng12Mailing List;Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html
[SECURITY] Fedora 23 Update: mingw-libpng-1.6.21-1.fc23Third Party Advisory
-
http://www.debian.org/security/2015/dsa-3399
Debian -- Security Information -- DSA-3399-1 libpngThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-2595.html
RHSA-2015:2595 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securitytracker.com/id/1034142
libpng Buffer Overflow in png_set_PLTE()/png_get_PLTE() Files Lets Remote Users Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
[security-announce] openSUSE-SU-2016:0263-1: critical: Security update fMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html
[security-announce] SUSE-SU-2016:0665-1: important: Security update forMailing List;Third Party Advisory
Jump to