5
CVE-2015-7981
- EPSS 0.93%
- Veröffentlicht 24.11.2015 20:59:15
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version15.04
Canonical ≫ Ubuntu Linux Version15.10
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Hpc Node Version7.0
Redhat ≫ Enterprise Linux Hpc Node Eus Version7.2
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Server Aus Version7.2
Redhat ≫ Enterprise Linux Server Eus Version7.2
Redhat ≫ Enterprise Linux Workstation Version7.0
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Hpc Node Version6.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Server Eus Version6.7.z
Redhat ≫ Enterprise Linux Workstation Version6.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.93% | 0.754 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.