CVE-2015-8472
Published: 9 December 2015
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
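A pre-parse check for untrusted PNG data, as an added example (not libpng's code and not the upstream patch): the PNG specification limits a palette to 2^bit_depth entries, and a PLTE chunk that breaks this limit is assumed here to be the inconsistency the description refers to. The names `png_palette_check` and `make_sample` and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t be32(const uint8_t *p) {            /* PNG integers are big-endian */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* 0 = palette fits the bit depth, 1 = PLTE has more entries than the IHDR
 * bit depth can index, -1 = malformed. CRCs are not verified here. */
int png_palette_check(const uint8_t *buf, size_t len) {
    int depth = -1, color = -1;
    size_t off = 8;
    if (len < 8 || memcmp(buf, "\x89PNG\r\n\x1a\n", 8) != 0) return -1;
    while (len - off >= 12) {                       /* length + type + CRC */
        uint32_t clen = be32(buf + off);
        const uint8_t *type = buf + off + 4, *data = buf + off + 8;
        if (clen > len - off - 12) return -1;       /* chunk runs past the buffer */
        if (memcmp(type, "IHDR", 4) == 0) {
            if (clen != 13) return -1;
            depth = data[8]; color = data[9];
        } else if (memcmp(type, "PLTE", 4) == 0) {
            if (depth < 0 || clen % 3 != 0) return -1;
            if (color == 3 && depth != 1 && depth != 2 && depth != 4 && depth != 8) return -1;
            if (color == 3 && clen / 3 > (1u << depth)) return 1;
        }
        off += 12 + (size_t)clen;
    }
    return depth < 0 ? -1 : 0;
}

/* Constructed sample (not a complete PNG): signature, IHDR, PLTE; CRCs zeroed. */
size_t make_sample(uint8_t out[1024], uint8_t depth, uint32_t entries) {
    const size_t plte = 8 + 12 + 13;                /* offset of the PLTE chunk */
    if (entries > 256) entries = 256;               /* keep within the 1024-byte buffer */
    memset(out, 0, 1024);
    memcpy(out, "\x89PNG\r\n\x1a\n\0\0\0\015IHDR", 16);
    out[19] = out[23] = 1; out[24] = depth; out[25] = 3;  /* 1x1, colour type 3 = palette */
    out[plte + 2] = (uint8_t)((entries * 3) >> 8); out[plte + 3] = (uint8_t)(entries * 3);
    memcpy(out + plte + 4, "PLTE", 4);
    return plte + 12 + (size_t)entries * 3;
}

int main(void) {
    uint8_t buf[1024];
    printf("1-bit, 256 entries: %d\n", png_palette_check(buf, make_sample(buf, 1, 256)));
    printf("8-bit, 256 entries: %d\n", png_palette_check(buf, make_sample(buf, 8, 256)));
    return 0;
}
```

A check like this can sit in front of any decoder as input validation; it does not replace updating libpng to a fixed release.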
Notes
Author | Note |
---|---|
seth-arnold | Incomplete fix for CVE-2015-8126 |
chriscoulson | firefox and thunderbird are not-affected since they don't use png_set_PLTE (see https://bugzilla.mozilla.org/show_bug.cgi?id=1224244#c0) |
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser | precise | Not vulnerable (uses system libpng) |
chromium-browser | trusty | Does not exist (trusty was not-affected [uses system libpng]) |
chromium-browser | upstream | Needs triage |
chromium-browser | vivid | Not vulnerable (uses system libpng) |
chromium-browser | wily | Not vulnerable (uses system libpng) |
firefox | precise | Not vulnerable (doesn't use png_set_PLTE) |
firefox | trusty | Does not exist (trusty was not-affected [doesn't use png_set_PLTE]) |
firefox | upstream | Not vulnerable (doesn't use png_set_PLTE) |
firefox | vivid | Not vulnerable (doesn't use png_set_PLTE) |
firefox | wily | Not vulnerable (doesn't use png_set_PLTE) |
libpng | precise | Released (1.2.46-3ubuntu4.2) |
libpng | trusty | Released (1.2.50-1ubuntu2.14.04.2) |
libpng | upstream | Released (1.6.20, 1.5.25, 1.4.18, 1.2.55, and 1.0.65) |
libpng | vivid | Released (1.2.51-0ubuntu3.15.04.2) |
libpng | wily | Released (1.2.51-0ubuntu3.15.10.2) |
openjdk-6 | precise | Not vulnerable (uses system libpng) |
openjdk-6 | trusty | Does not exist (trusty was not-affected [uses system libpng]) |
openjdk-6 | upstream | Needs triage |
openjdk-6 | vivid | Not vulnerable (uses system libpng) |
openjdk-6 | wily | Not vulnerable (uses system libpng) |
openjdk-7 | precise | Not vulnerable (uses system libpng) |
openjdk-7 | trusty | Does not exist (trusty was not-affected [uses system libpng]) |
openjdk-7 | upstream | Needs triage |
openjdk-7 | vivid | Not vulnerable (uses system libpng) |
openjdk-7 | wily | Not vulnerable (uses system libpng) |
openjdk-8 | precise | Does not exist |
openjdk-8 | trusty | Does not exist |
openjdk-8 | upstream | Needs triage |
openjdk-8 | vivid | Not vulnerable (uses system libpng) |
openjdk-8 | wily | Not vulnerable (uses system libpng) |
thunderbird | precise | Not vulnerable (doesn't use png_set_PLTE) |
thunderbird | trusty | Does not exist (trusty was not-affected [doesn't use png_set_PLTE]) |
thunderbird | upstream | Not vulnerable (doesn't use png_set_PLTE) |
thunderbird | vivid | Not vulnerable (doesn't use png_set_PLTE) |
thunderbird | wily | Not vulnerable (doesn't use png_set_PLTE) |

Patches (libpng):
upstream: https://github.com/glennrp/libpng/commit/7e1ca9ceba4e64259863efdd98bab9b55bdc0b9c
upstream: https://github.com/glennrp/libpng/commit/4488a96126bbefda51d07835411d8e847a88b2b7
upstream: https://github.com/glennrp/libpng/commit/ad224c6907e8a274f2679eae4c2e3085fdc7e8c8
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | Low |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |