CVE Vulnerabilities

CVE-2015-8540

Published: Apr 14, 2016 | Modified: Nov 07, 2023
| Metric | Score | Severity | Vector |
|---|---|---|---|
| CVSS 3.x (Source: NVD) | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| CVSS 2.x | 9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| RedHat/V2 | 5.4 | LOW | AV:N/AC:H/Au:N/C:N/I:N/A:C |
| RedHat/V3 | 8.8 | LOW | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Ubuntu | | MEDIUM | |

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Enterprise_linux_desktop_supplementary | Redhat | 5.0 (including) | 5.0 (including) |
| Enterprise_linux_desktop_supplementary | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux_hpc_node | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux_server_supplementary | Redhat | 5.0 (including) | 5.0 (including) |
| Enterprise_linux_server_supplementary | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux_workstation_supplementary | Redhat | 6.0 (including) | 6.0 (including) |
| Libpng | Ubuntu | devel | * |
| Libpng | Ubuntu | precise | * |
| Libpng | Ubuntu | trusty | * |
| Libpng | Ubuntu | trusty/esm | * |
| Libpng | Ubuntu | upstream | * |
| Libpng | Ubuntu | vivid | * |
| Libpng | Ubuntu | vivid/stable-phone-overlay | * |
| Libpng | Ubuntu | vivid/ubuntu-core | * |
| Libpng | Ubuntu | wily | * |
| Red Hat Enterprise Linux 5 Supplementary | RedHat | java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5 | * |
| Red Hat Enterprise Linux 5 Supplementary | RedHat | java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el5 | * |
| Red Hat Enterprise Linux 6 Supplementary | RedHat | java-1.7.1-ibm-1:1.7.1.3.30-1jpp.2.el6_7 | * |
| Red Hat Enterprise Linux 6 Supplementary | RedHat | java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el6_7 | * |
| Red Hat Enterprise Linux 7 Supplementary | RedHat | java-1.7.1-ibm-1:1.7.1.3.30-1jpp.1.el7 | * |
| Red Hat Satellite 5.6 | RedHat | java-1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5 | * |
| Red Hat Satellite 5.6 | RedHat | java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7 | * |
| Red Hat Satellite 5.6 | RedHat | spacewalk-java-0:2.0.2-109.el5sat | * |
| Red Hat Satellite 5.7 | RedHat | java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7 | * |
| Red Hat Satellite 5.7 | RedHat | spacewalk-java-0:2.3.8-146.el6sat | * |

References