Vulnerability Details : CVE-2015-8540
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
Products affected by CVE-2015-8540
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.52:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.50:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.29:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.46:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.48:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.31:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.53:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.51:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.37:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.38:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.33:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.41:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.45:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.42:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.34:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.35:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.47:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.44:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.43:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.32:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.54:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.39:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.40:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.57:rc01:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.56:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.58:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.57:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.55:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.56:devel:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.55:rc01:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.48:betas:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.43:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.43:devel:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.46:devel:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.40:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.48:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.45:devel:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.36:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.47:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.7:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.3:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.2:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.9:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.5:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.10:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.6:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.1:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.0:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.8:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.4:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.11:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.13:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.59:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.60:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.63:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.53:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.61:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.62:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.49:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.54:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.55:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.65:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.64:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:0.99:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:0.98:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:0.97:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.25:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.21:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.20:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.24:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.19:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.18:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.23:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.22:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.17:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.16:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.15:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.3.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8540
2.24%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-8540
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2015-8540
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8540
-
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
-
http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/
LIBPNG: PNG reference library - Browse Files at SourceForge.netPatch
-
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Oracle Solaris Bulletin - July 2016
-
http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/
LIBPNG: PNG reference library - Browse Files at SourceForge.netPatch
-
http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/
LIBPNG: PNG reference library - Browse Files at SourceForge.netPatch
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html
[SECURITY] Fedora 23 Update: libpng10-1.0.66-1.fc23
-
http://www.openwall.com/lists/oss-security/2015/12/10/6
oss-security - CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)
-
http://www.openwall.com/lists/oss-security/2015/12/10/7
oss-security - Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)
-
https://security.gentoo.org/glsa/201611-08
libpng: Multiple vulnerabilities (GLSA 201611-08) — Gentoo security
-
http://www.openwall.com/lists/oss-security/2015/12/11/2
oss-security - Re: Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)
-
https://access.redhat.com/errata/RHSA-2016:1430
RHSA-2016:1430 - Security Advisory - Red Hat Customer Portal
-
http://sourceforge.net/p/libpng/bugs/244/
LIBPNG: PNG reference library / Bugs / #244 read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)
-
http://www.securityfocus.com/bid/80592
libpng 'pngwutil.c' Underflow Read Remote Code Execution Vulnerability
-
http://www.debian.org/security/2016/dsa-3443
Debian -- Security Information -- DSA-3443-1 libpng
-
http://www.openwall.com/lists/oss-security/2015/12/11/1
oss-security - Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)
-
http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/
LIBPNG: PNG reference library / Code / Commit [d9006f]
-
http://www.openwall.com/lists/oss-security/2015/12/17/10
oss-security - Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)
-
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
[GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 - Pony Mail
-
http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/
LIBPNG: PNG reference library - Browse Files at SourceForge.netPatch
Jump to