Vulnerability Description
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libpng | Libpng | < 1.0.64 |
| Fedoraproject | Fedora | 21 |
| Opensuse | Leap | 42.1 |
| Opensuse | Opensuse | 13.1 |
| Suse | Linux Enterprise Desktop | 11 |
| Suse | Linux Enterprise Server | 12 |
| Debian | Debian Linux | 7.0 |
| Redhat | Satellite | 5.7 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Eus | 6.7 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Server Aus | 7.2 |
| Redhat | Enterprise Linux Server Tus | 7.2 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Redhat | Enterprise Linux | 5.0 |
| Oracle | Jdk | 1.6.0 |
| Oracle | Jre | 1.6.0 |
| Oracle | Linux | 6 |
| Oracle | Solaris | 11.3 |
| Apple | Mac Os X | < 10.11.4 |
Related Weaknesses (CWE)
References
- http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html (Third Party Advisory)
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html (Mailing List, Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.h (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.h (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.h (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.h (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.h (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.h (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.h (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.h (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.h (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.ht (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.ht (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.ht (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html (Mailing List, Third Party Advisory)
FAQ
What is CVE-2015-8126?
CVE-2015-8126 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x b...
How severe is CVE-2015-8126?
CVE-2015-8126 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2015-8126?
Check the references section above for vendor advisories and patch information. Affected products include: Libpng Libpng, Fedoraproject Fedora, Opensuse Leap, Opensuse Opensuse, Suse Linux Enterprise Desktop.