Description
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Enterprise Linux 5 Supplementary | |||
| java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5 | cpe:/a:redhat:rhel_extras:5 | RHSA-2016:0100 | 2016-02-02T00:00:00Z |
| java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el5 | cpe:/a:redhat:rhel_extras:5 | RHSA-2016:0101 | 2016-02-02T00:00:00Z |
| Red Hat Enterprise Linux 6 | |||
| libpng-2:1.2.49-2.el6_7 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2015:2594 | 2015-12-09T00:00:00Z |
| Red Hat Enterprise Linux 6 Supplementary | |||
| java-1.7.1-ibm-1:1.7.1.3.30-1jpp.2.el6_7 | cpe:/a:redhat:rhel_extras:6 | RHSA-2016:0099 | 2016-02-02T00:00:00Z |
| java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el6_7 | cpe:/a:redhat:rhel_extras:6 | RHSA-2016:0101 | 2016-02-02T00:00:00Z |
| Red Hat Enterprise Linux 7 | |||
| libpng12-0:1.2.50-7.el7_2 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2015:2595 | 2015-12-09T00:00:00Z |
| Red Hat Enterprise Linux 7 Supplementary | |||
| java-1.7.1-ibm-1:1.7.1.3.30-1jpp.1.el7 | cpe:/a:redhat:rhel_extras:7 | RHSA-2016:0099 | 2016-02-02T00:00:00Z |
| Red Hat Satellite 5.6 | |||
| java-1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5 | cpe:/a:redhat:network_satellite:5.6::el5 | RHSA-2016:1430 | 2016-07-18T00:00:00Z |
| java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7 | cpe:/a:redhat:network_satellite:5.6::el5 | RHSA-2016:1430 | 2016-07-18T00:00:00Z |
| spacewalk-java-0:2.0.2-109.el5sat | cpe:/a:redhat:network_satellite:5.6::el5 | RHSA-2016:1430 | 2016-07-18T00:00:00Z |
| Red Hat Satellite 5.7 | |||
| java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7 | cpe:/a:redhat:network_satellite:5.7::el6 | RHSA-2016:1430 | 2016-07-18T00:00:00Z |
| spacewalk-java-0:2.3.8-146.el6sat | cpe:/a:redhat:network_satellite:5.7::el6 | RHSA-2016:1430 | 2016-07-18T00:00:00Z |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-343-1 | libpng security update |
 Debian DSA |
DSA-3399-1 | libpng security update |
 EUVD |
EUVD-2015-7878 | The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. |
 Ubuntu USN |
USN-2815-1 | libpng vulnerabilities |
References
History
Sun, 13 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Subscriptions
Canonical
Subscribe
Ubuntu Linux
Subscribe
Debian
Subscribe
Debian Linux
Subscribe
Libpng
Subscribe
Libpng
Subscribe
Redhat
Subscribe
Enterprise Linux
Subscribe
Enterprise Linux Desktop
Subscribe
Enterprise Linux Hpc Node
Subscribe
Enterprise Linux Hpc Node Eus
Subscribe
Enterprise Linux Server
Subscribe
Enterprise Linux Server Aus
Subscribe
Enterprise Linux Server Eus
Subscribe
Enterprise Linux Workstation
Subscribe
Network Satellite
Subscribe
Rhel Extras
Subscribe
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T08:06:31.465Z
Reserved: 2015-10-26T00:00:00.000Z
Link: CVE-2015-7981
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2015-11-24T20:59:15.017
Modified: 2025-04-12T10:46:40.837
Link: CVE-2015-7981
Redhat
OpenCVE Enrichment
No data.