9.3
CVE-2015-8540
- EPSS 13.55%
- Veröffentlicht 14.04.2016 14:59:03
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginInteger underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Enterprise Linux Desktop Supplementary Version5.0
Redhat ≫ Enterprise Linux Desktop Supplementary Version6.0
Redhat ≫ Enterprise Linux Hpc Node Version6.0
Redhat ≫ Enterprise Linux Server Supplementary Version5.0
Redhat ≫ Enterprise Linux Server Supplementary Version6.0
Redhat ≫ Enterprise Linux Workstation Supplementary Version6.0
Fedoraproject ≫ Fedora Version23
Debian ≫ Debian Linux Version6.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 13.55% | 0.939 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|