9.3
CVE-2015-8540
- EPSS 13.3%
- Published 14.04.2016 14:59:03
- Last modified 12.04.2025 10:46:40
- Source cve@mitre.org
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Enterprise Linux Desktop Supplementary Version 5.0
Redhat ≫ Enterprise Linux Desktop Supplementary Version 6.0
Redhat ≫ Enterprise Linux Hpc Node Version 6.0
Redhat ≫ Enterprise Linux Server Supplementary Version 5.0
Redhat ≫ Enterprise Linux Server Supplementary Version 6.0
Redhat ≫ Enterprise Linux Workstation Supplementary Version 6.0
Fedoraproject ≫ Fedora Version 23
Debian ≫ Debian Linux Version 6.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 13.3% | 0.939 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
nvd@nist.gov | 9.3 | 8.6 | 10 | AV:N/AC:M/Au:N/C:C/I:C/A:C |