Podatność CVE-2015-8540
Publikacja: 2016-04-14

Opis:
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
9.3/10
10/10
8.6/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Pełny
Pełny
Pełny
Affected software
Redhat -> Enterprise linux desktop supplementary 
Redhat -> Enterprise linux hpc node 
Redhat -> Enterprise linux server supplementary 
Redhat -> Enterprise linux workstation supplementary 
Libpng -> Libpng 
Fedoraproject -> Fedora 
Debian -> Debian linux 

 Referencje:
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html
http://sourceforge.net/p/libpng/bugs/244/
http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/
http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/
http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/
http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/
http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/
http://www.debian.org/security/2016/dsa-3443
http://www.openwall.com/lists/oss-security/2015/12/10/6
http://www.openwall.com/lists/oss-security/2015/12/10/7
http://www.openwall.com/lists/oss-security/2015/12/11/1
http://www.openwall.com/lists/oss-security/2015/12/11/2
http://www.openwall.com/lists/oss-security/2015/12/17/10
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.securityfocus.com/bid/80592
https://access.redhat.com/errata/RHSA-2016:1430
https://security.gentoo.org/glsa/201611-08
Copyright 2024, cxsecurity.com

 

Back to Top