CVE-2015-8126
Published Nov 13, 2015
Last updated 3 years ago
Overview
- Description
- Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-120
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A81951DF-BEF9-4145-B936-48C031617EA6",
"versionEndExcluding": "1.0.64"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9FE022C0-5EB8-4B1B-A378-120518DB4CDD",
"versionEndExcluding": "1.2.54",
"versionStartIncluding": "1.1.1"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A38EFE8E-7569-4DEC-B97C-89A2D3A61C38",
"versionEndExcluding": "1.4.17",
"versionStartIncluding": "1.3.0"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DAACE97E-7BF2-485F-A129-1C27B936D392",
"versionEndExcluding": "1.5.24",
"versionStartIncluding": "1.5.0"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "88EAB9A2-8A67-4AE7-BA39-73B219BE34CC",
"versionEndExcluding": "1.6.19",
"versionStartIncluding": "1.6.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17D4B6F2-514D-4BC2-B2C5-4E2FCCAC594C"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "967EC28A-607F-48F4-AD64-5E3041C768F0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B0AD78A5-E3C8-4CF1-967C-7F934F9DAFE3"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B0EF44A-833C-4B9D-824A-5E0FFFBA8340"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update65:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05726B2D-17F9-4192-A570-979BA8F6676E"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D6C77242-C6FB-4BED-BA51-E9477D64E311"
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CB263D7-6718-4BE2-8423-B25FD727915E"
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB1CAC76-2414-43D0-917D-5C1E60438178"
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update65:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D58FCAD-3374-40D1-ADD9-E830FC3B497A"
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1475C6EC-E2F6-4881-A89E-FB75C1AD1F20"
},
{
"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876"
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158"
},
{
"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A594A00-699D-4899-AEE5-E6B9B948FB62",
"versionEndExcluding": "10.11.4"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"vulnerable": true,
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355"
}
],
"operator": "OR"
}
]
}
]