CVE-2015-8126

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2015-8126
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.openwall.com/lists/oss-security/2015/11/12/2 Mailing List Third Party Advisory
http://www.debian.org/security/2015/dsa-3399 Third Party Advisory
http://www.ubuntu.com/usn/USN-2815-1 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html Third Party Advisory
https://code.google.com/p/chromium/issues/detail?id=560291 Issue Tracking Patch Third Party Advisory
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html Third Party Advisory
https://support.apple.com/HT206167 Third Party Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2596.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2595.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2594.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1430 Third Party Advisory
http://www.securityfocus.com/bid/77568 Third Party Advisory VDB Entry
https://security.gentoo.org/glsa/201603-09 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html Mailing List Third Party Advisory
http://www.debian.org/security/2016/dsa-3507 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10148 Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0057.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0056.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0055.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html Mailing List Third Party Advisory
http://www.securitytracker.com/id/1034142 Third Party Advisory VDB Entry
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201611-08 Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update65:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update65:*:*:*:*:*:*

Configuration 8 (hide)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 9 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Information

Published : 2015-11-12 19:59

Updated : 2022-05-13 07:57

NVD link : CVE-2015-8126

Mitre link : CVE-2015-8126

JSON object : View

CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Advertisement

dedicated server usa
Products Affected

suse

  • linux_enterprise_desktop
  • linux_enterprise_server

libpng

  • libpng

canonical

  • ubuntu_linux

oracle

  • jdk
  • jre
  • solaris
  • linux

redhat

  • satellite
  • enterprise_linux
  • enterprise_linux_server_aus
  • enterprise_linux_workstation
  • enterprise_linux_desktop
  • enterprise_linux_server_tus
  • enterprise_linux_server
  • enterprise_linux_eus

fedoraproject

  • fedora

debian

  • debian_linux

apple

  • mac_os_x

opensuse

  • opensuse
  • leap