Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2015-8540

Published: Apr 14, 2016 | Modified: Nov 07, 2023
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
5.4 LOW
AV:N/AC:H/Au:N/C:N/I:N/A:C
RedHat/V3
8.8 LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2015-8540
CWEhttps://cwe.mitre.org/data/definitions/189.html

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

Affected Software

Name Vendor Start Version End Version
Enterprise_linux_desktop_supplementary Redhat 5.0 (including) 5.0 (including)
Enterprise_linux_desktop_supplementary Redhat 6.0 (including) 6.0 (including)
Enterprise_linux_hpc_node Redhat 6.0 (including) 6.0 (including)
Enterprise_linux_server_supplementary Redhat 5.0 (including) 5.0 (including)
Enterprise_linux_server_supplementary Redhat 6.0 (including) 6.0 (including)
Enterprise_linux_workstation_supplementary Redhat 6.0 (including) 6.0 (including)
Libpng Ubuntu devel *
Libpng Ubuntu precise *
Libpng Ubuntu trusty *
Libpng Ubuntu upstream *
Libpng Ubuntu vivid *
Libpng Ubuntu vivid/stable-phone-overlay *
Libpng Ubuntu vivid/ubuntu-core *
Libpng Ubuntu wily *
Red Hat Enterprise Linux 5 Supplementary RedHat java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5 *
Red Hat Enterprise Linux 5 Supplementary RedHat java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el5 *
Red Hat Enterprise Linux 6 Supplementary RedHat java-1.7.1-ibm-1:1.7.1.3.30-1jpp.2.el6_7 *
Red Hat Enterprise Linux 6 Supplementary RedHat java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el6_7 *
Red Hat Enterprise Linux 7 Supplementary RedHat java-1.7.1-ibm-1:1.7.1.3.30-1jpp.1.el7 *
Red Hat Satellite 5.6 RedHat java-1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5 *
Red Hat Satellite 5.6 RedHat java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7 *
Red Hat Satellite 5.6 RedHat spacewalk-java-0:2.0.2-109.el6sat *
Red Hat Satellite 5.7 RedHat java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7 *
Red Hat Satellite 5.7 RedHat spacewalk-java-0:2.3.8-146.el6sat *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use