7.5
CVE-2015-8126
- EPSS 10.34%
- Veröffentlicht 13.11.2015 03:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version21
Fedoraproject ≫ Fedora Version22
Fedoraproject ≫ Fedora Version23
Suse ≫ Linux Enterprise Desktop Version11 Updatesp3
Suse ≫ Linux Enterprise Desktop Version11 Updatesp4
Suse ≫ Linux Enterprise Desktop Version12 Update-
Suse ≫ Linux Enterprise Desktop Version12 Updatesp1
Suse ≫ Linux Enterprise Server Version12 Update-
Suse ≫ Linux Enterprise Server Version12 Updatesp1
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Eus Version6.7
Redhat ≫ Enterprise Linux Eus Version7.2
Redhat ≫ Enterprise Linux Eus Version7.3
Redhat ≫ Enterprise Linux Eus Version7.4
Redhat ≫ Enterprise Linux Eus Version7.5
Redhat ≫ Enterprise Linux Eus Version7.6
Redhat ≫ Enterprise Linux Eus Version7.7
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Server Aus Version7.2
Redhat ≫ Enterprise Linux Server Aus Version7.3
Redhat ≫ Enterprise Linux Server Aus Version7.4
Redhat ≫ Enterprise Linux Server Aus Version7.6
Redhat ≫ Enterprise Linux Server Aus Version7.7
Redhat ≫ Enterprise Linux Server Tus Version7.2
Redhat ≫ Enterprise Linux Server Tus Version7.3
Redhat ≫ Enterprise Linux Server Tus Version7.6
Redhat ≫ Enterprise Linux Server Tus Version7.7
Redhat ≫ Enterprise Linux Workstation Version6.0
Redhat ≫ Enterprise Linux Workstation Version7.0
Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version15.04
Canonical ≫ Ubuntu Linux Version15.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.34% | 0.951 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.ubuntu.com/usn/USN-2815-1
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
https://support.apple.com/HT206167
https://security.gentoo.org/glsa/201603-09
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
https://access.redhat.com/errata/RHSA-2016:1430
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html
http://rhn.redhat.com/errata/RHSA-2015-2594.html
http://rhn.redhat.com/errata/RHSA-2015-2595.html
http://rhn.redhat.com/errata/RHSA-2015-2596.html
http://rhn.redhat.com/errata/RHSA-2016-0055.html
http://rhn.redhat.com/errata/RHSA-2016-0056.html
http://rhn.redhat.com/errata/RHSA-2016-0057.html
http://www.debian.org/security/2015/dsa-3399
http://www.debian.org/security/2016/dsa-3507
http://www.openwall.com/lists/oss-security/2015/11/12/2
http://www.securityfocus.com/bid/77568
http://www.securitytracker.com/id/1034142
https://code.google.com/p/chromium/issues/detail?id=560291
https://kc.mcafee.com/corporate/index?page=content&id=SB10148
https://security.gentoo.org/glsa/201611-08