The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
Metrics
Affected Vendors & Products
Advisories
| Source | ID | Title |
|---|---|---|
Debian DLA |
DLA-343-1 | libpng security update |
Debian DSA |
DSA-3399-1 | libpng security update |
EUVD |
EUVD-2015-7878 | The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. |
Ubuntu USN |
USN-2815-1 | libpng vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sun, 13 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T08:06:31.465Z
Reserved: 2015-10-26T00:00:00
Link: CVE-2015-7981
No data.
Status : Deferred
Published: 2015-11-24T20:59:15.017
Modified: 2025-04-12T10:46:40.837
Link: CVE-2015-7981
OpenCVE Enrichment
No data.
Debian DLA
Debian DSA
EUVD
Ubuntu USN