Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
References
Link | Resource |
---|---|
http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt | Exploit |
http://www.openwall.com/lists/oss-security/2015/01/10/1 | Exploit Third Party Advisory |
http://www.openwall.com/lists/oss-security/2015/01/10/3 | Exploit |
http://sourceforge.net/p/png-mng/mailman/message/33173461/ | Third Party Advisory |
http://secunia.com/advisories/62725 | Permissions Required Third Party Advisory |
https://support.apple.com/HT206167 | Vendor Advisory |
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html | Vendor Advisory |
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2015-01-18 10:59
Updated : 2016-10-20 11:46
NVD link : CVE-2015-0973
Mitre link : CVE-2015-0973
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
apple
- mac_os_x
libpng
- libpng
oracle
- solaris