CVE-2015-8126 - Vulnerability Details

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X
Canonical	Ubuntu Linux
Debian	Debian Linux
Fedoraproject	Fedora
Libpng	Libpng
Opensuse	Leap Opensuse
Oracle	Jdk Jre Linux Solaris
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Tus Enterprise Linux Workstation Network Satellite Rhel Extras Rhel Extras Oracle Java Satellite
Suse	Linux Enterprise Desktop Linux Enterprise Server

Configuration 1 [-]

OR	cpe:2.3:a:libpng:libpng::::::::
	cpe:2.3:a:libpng:libpng::::::::
	cpe:2.3:a:libpng:libpng::::::::
	cpe:2.3:a:libpng:libpng::::::::
	cpe:2.3:a:libpng:libpng::::::::

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:21:::::::*
	cpe:2.3:o:fedoraproject:fedora:22:::::::*
	cpe:2.3:o:fedoraproject:fedora:23:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:opensuse:leap:42.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_server:12:sp1::::::

Configuration 4 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 5 [-]

OR	cpe:2.3:a:redhat:satellite:5.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 6 [-]

AND

cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

Configuration 7 [-]

OR	cpe:2.3:a:oracle:jdk:1.6.0:update105::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update91::::::
	cpe:2.3:a:oracle:jdk:1.8.0:update65::::::
	cpe:2.3:a:oracle:jdk:1.8.0:update66::::::
	cpe:2.3:a:oracle:jre:1.6.0:update105::::::
	cpe:2.3:a:oracle:jre:1.7.0:update91::::::
	cpe:2.3:a:oracle:jre:1.8.0:update65::::::
	cpe:2.3:a:oracle:jre:1.8.0:update66::::::
	cpe:2.3:o:oracle:linux:6:-::::::
	cpe:2.3:o:oracle:linux:7:-::::::
	cpe:2.3:o:oracle:solaris:11.3:::::::*

Configuration 8 [-]

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 9 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

Package	CPE	Advisory	Released Date
Oracle Java for Red Hat Enterprise Linux 5
java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el5_11	cpe:/a:redhat:rhel_extras_oracle_java:5	RHSA-2016:0056	2016-01-21T00:00:00Z
java-1.6.0-sun-1:1.6.0.111-1jpp.3.el5_11	cpe:/a:redhat:rhel_extras_oracle_java:5	RHSA-2016:0057	2016-01-21T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 6
java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el6_7	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2016:0055	2016-01-21T00:00:00Z
java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el6_7	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2016:0056	2016-01-21T00:00:00Z
java-1.6.0-sun-1:1.6.0.111-1jpp.3.el6_7	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2016:0057	2016-01-21T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 7
java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el7	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2016:0055	2016-01-21T00:00:00Z
java-1.7.0-oracle-1:1.7.0.95-1jpp.2.el7	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2016:0056	2016-01-21T00:00:00Z
java-1.6.0-sun-1:1.6.0.111-1jpp.1.el7	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2016:0057	2016-01-21T00:00:00Z
Red Hat Enterprise Linux 5 Supplementary
java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2016:0100	2016-02-02T00:00:00Z
java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2016:0101	2016-02-02T00:00:00Z
Red Hat Enterprise Linux 6
libpng-2:1.2.49-2.el6_7	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:2594	2015-12-09T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary
java-1.7.1-ibm-1:1.7.1.3.30-1jpp.2.el6_7	cpe:/a:redhat:rhel_extras:6	RHSA-2016:0099	2016-02-02T00:00:00Z
java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el6_7	cpe:/a:redhat:rhel_extras:6	RHSA-2016:0101	2016-02-02T00:00:00Z
Red Hat Enterprise Linux 7
libpng12-0:1.2.50-7.el7_2	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:2595	2015-12-09T00:00:00Z
libpng-2:1.5.13-7.el7_2	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:2596	2015-12-09T00:00:00Z
Red Hat Enterprise Linux 7 Supplementary
java-1.8.0-ibm-1:1.8.0.2.10-1jpp.1.el7	cpe:/a:redhat:rhel_extras:7	RHSA-2016:0098	2016-02-02T00:00:00Z
java-1.7.1-ibm-1:1.7.1.3.30-1jpp.1.el7	cpe:/a:redhat:rhel_extras:7	RHSA-2016:0099	2016-02-02T00:00:00Z
Red Hat Satellite 5.6
java-1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5	cpe:/a:redhat:network_satellite:5.6::el5	RHSA-2016:1430	2016-07-18T00:00:00Z
java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7	cpe:/a:redhat:network_satellite:5.6::el5	RHSA-2016:1430	2016-07-18T00:00:00Z
spacewalk-java-0:2.0.2-109.el5sat	cpe:/a:redhat:network_satellite:5.6::el5	RHSA-2016:1430	2016-07-18T00:00:00Z
Red Hat Satellite 5.7
java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7	cpe:/a:redhat:network_satellite:5.7::el6	RHSA-2016:1430	2016-07-18T00:00:00Z
spacewalk-java-0:2.3.8-146.el6sat	cpe:/a:redhat:network_satellite:5.7::el6	RHSA-2016:1430	2016-07-18T00:00:00Z

References

Link	Providers
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html
http://rhn.redhat.com/errata/RHSA-2015-2594.html
http://rhn.redhat.com/errata/RHSA-2015-2595.html
http://rhn.redhat.com/errata/RHSA-2015-2596.html
http://rhn.redhat.com/errata/RHSA-2016-0055.html
http://rhn.redhat.com/errata/RHSA-2016-0056.html
http://rhn.redhat.com/errata/RHSA-2016-0057.html
http://www.debian.org/security/2015/dsa-3399
http://www.debian.org/security/2016/dsa-3507
http://www.openwall.com/lists/oss-security/2015/11/12/2
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/77568
http://www.securitytracker.com/id/1034142
http://www.ubuntu.com/usn/USN-2815-1
https://access.redhat.com/errata/RHSA-2016:1430
https://code.google.com/p/chromium/issues/detail?id=560291
https://kc.mcafee.com/corporate/index?page=content&id=SB10148
https://nvd.nist.gov/vuln/detail/CVE-2015-8126
https://security.gentoo.org/glsa/201603-09
https://security.gentoo.org/glsa/201611-08
https://support.apple.com/HT206167
https://www.cve.org/CVERecord?id=CVE-2015-8126

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-11-13T02:00:00

Updated: 2024-08-06T08:13:31.073Z

Reserved: 2015-11-12T00:00:00

Link: CVE-2015-8126

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-11-13T03:59:05.917

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-8126

Redhat

Severity : Moderate

Publid Date: 2015-11-12T00:00:00Z

Links: CVE-2015-8126 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-12T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "APPLE-SA-2016-03-21-5", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"}, {"name": "openSUSE-SU-2016:0664", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html"}, {"name": "openSUSE-SU-2016:0103", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html"}, {"name": "openSUSE-SU-2016:0684", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT206167"}, {"name": "openSUSE-SU-2015:2135", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html"}, {"name": "openSUSE-SU-2015:2136", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html"}, {"name": "77568", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/77568"}, {"name": "openSUSE-SU-2016:0272", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"}, {"name": "FEDORA-2015-5e52306c9c", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html"}, {"name": "FEDORA-2015-ec2ddd15d7", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html"}, {"name": "GLSA-201611-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201611-08"}, {"name": "openSUSE-SU-2016:0279", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"}, {"name": "DSA-3507", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3507"}, {"name": "FEDORA-2015-501493d853", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html"}, {"name": "1034142", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034142"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"name": "RHSA-2016:1430", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:1430"}, {"name": "FEDORA-2015-1d87313b7c", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html"}, {"name": "DSA-3399", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3399"}, {"name": "RHSA-2015:2595", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html"}, {"name": "RHSA-2015:2596", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html"}, {"name": "openSUSE-SU-2015:2262", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html"}, {"name": "FEDORA-2015-8a1243db75", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html"}, {"name": "FEDORA-2015-13668fff74", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"name": "openSUSE-SU-2016:0270", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10148"}, {"name": "openSUSE-SU-2015:2100", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html"}, {"name": "[oss-security] 20151112 CVE request: libpng buffer overflow in png_set_PLTE", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/11/12/2"}, {"name": "SUSE-SU-2016:0269", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"}, {"name": "openSUSE-SU-2016:0105", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html"}, {"name": "FEDORA-2015-97fc1797fa", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html"}, {"name": "openSUSE-SU-2016:0729", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html"}, {"name": "openSUSE-SU-2016:0263", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"}, {"name": "SUSE-SU-2016:0256", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"}, {"name": "FEDORA-2016-43735c33a7", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html"}, {"name": "SUSE-SU-2016:0665", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html"}, {"name": "GLSA-201603-09", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201603-09"}, {"name": "FEDORA-2016-9a1c707b10", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html"}, {"name": "openSUSE-SU-2015:2263", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html"}, {"name": "RHSA-2016:0057", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html"}, {"name": "RHSA-2016:0055", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html"}, {"name": "FEDORA-2015-c80ec85542", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html"}, {"name": "openSUSE-SU-2015:2099", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html"}, {"name": "USN-2815-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2815-1"}, {"name": "RHSA-2016:0056", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html"}, {"name": "openSUSE-SU-2016:0268", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"}, {"name": "FEDORA-2015-4ad4998d00", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html"}, {"name": "RHSA-2015:2594", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html"}, {"name": "FEDORA-2015-233750b6ab", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=560291"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html"}, {"name": "SUSE-SU-2016:0265", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"}, {"name": "openSUSE-SU-2016:0104", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8126", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2016-03-21-5", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"}, {"name": "openSUSE-SU-2016:0664", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html"}, {"name": "openSUSE-SU-2016:0103", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html"}, {"name": "openSUSE-SU-2016:0684", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html"}, {"name": "https://support.apple.com/HT206167", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206167"}, {"name": "openSUSE-SU-2015:2135", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html"}, {"name": "openSUSE-SU-2015:2136", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html"}, {"name": "77568", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77568"}, {"name": "openSUSE-SU-2016:0272", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"}, {"name": "FEDORA-2015-5e52306c9c", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html"}, {"name": "FEDORA-2015-ec2ddd15d7", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html"}, {"name": "GLSA-201611-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201611-08"}, {"name": "openSUSE-SU-2016:0279", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"}, {"name": "DSA-3507", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3507"}, {"name": "FEDORA-2015-501493d853", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html"}, {"name": "1034142", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034142"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"name": "RHSA-2016:1430", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1430"}, {"name": "FEDORA-2015-1d87313b7c", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html"}, {"name": "DSA-3399", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3399"}, {"name": "RHSA-2015:2595", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html"}, {"name": "RHSA-2015:2596", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html"}, {"name": "openSUSE-SU-2015:2262", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html"}, {"name": "FEDORA-2015-8a1243db75", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html"}, {"name": "FEDORA-2015-13668fff74", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"name": "openSUSE-SU-2016:0270", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10148", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10148"}, {"name": "openSUSE-SU-2015:2100", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html"}, {"name": "[oss-security] 20151112 CVE request: libpng buffer overflow in png_set_PLTE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/12/2"}, {"name": "SUSE-SU-2016:0269", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"}, {"name": "openSUSE-SU-2016:0105", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html"}, {"name": "FEDORA-2015-97fc1797fa", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html"}, {"name": "openSUSE-SU-2016:0729", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html"}, {"name": "openSUSE-SU-2016:0263", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"}, {"name": "SUSE-SU-2016:0256", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"}, {"name": "FEDORA-2016-43735c33a7", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html"}, {"name": "SUSE-SU-2016:0665", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html"}, {"name": "GLSA-201603-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-09"}, {"name": "FEDORA-2016-9a1c707b10", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html"}, {"name": "openSUSE-SU-2015:2263", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html"}, {"name": "RHSA-2016:0057", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html"}, {"name": "RHSA-2016:0055", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html"}, {"name": "FEDORA-2015-c80ec85542", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html"}, {"name": "openSUSE-SU-2015:2099", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html"}, {"name": "USN-2815-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2815-1"}, {"name": "RHSA-2016:0056", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html"}, {"name": "openSUSE-SU-2016:0268", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"}, {"name": "FEDORA-2015-4ad4998d00", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html"}, {"name": "RHSA-2015:2594", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html"}, {"name": "FEDORA-2015-233750b6ab", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html"}, {"name": "https://code.google.com/p/chromium/issues/detail?id=560291", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=560291"}, {"name": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html"}, {"name": "SUSE-SU-2016:0265", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"}, {"name": "openSUSE-SU-2016:0104", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:13:31.073Z"}, "title": "CVE Program Container", "references": [{"name": "APPLE-SA-2016-03-21-5", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"}, {"name": "openSUSE-SU-2016:0664", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html"}, {"name": "openSUSE-SU-2016:0103", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html"}, {"name": "openSUSE-SU-2016:0684", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT206167"}, {"name": "openSUSE-SU-2015:2135", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html"}, {"name": "openSUSE-SU-2015:2136", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html"}, {"name": "77568", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/77568"}, {"name": "openSUSE-SU-2016:0272", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"}, {"name": "FEDORA-2015-5e52306c9c", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html"}, {"name": "FEDORA-2015-ec2ddd15d7", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html"}, {"name": "GLSA-201611-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201611-08"}, {"name": "openSUSE-SU-2016:0279", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"}, {"name": "DSA-3507", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3507"}, {"name": "FEDORA-2015-501493d853", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html"}, {"name": "1034142", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034142"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"name": "RHSA-2016:1430", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2016:1430"}, {"name": "FEDORA-2015-1d87313b7c", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html"}, {"name": "DSA-3399", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3399"}, {"name": "RHSA-2015:2595", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html"}, {"name": "RHSA-2015:2596", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html"}, {"name": "openSUSE-SU-2015:2262", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html"}, {"name": "FEDORA-2015-8a1243db75", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html"}, {"name": "FEDORA-2015-13668fff74", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"name": "openSUSE-SU-2016:0270", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10148"}, {"name": "openSUSE-SU-2015:2100", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html"}, {"name": "[oss-security] 20151112 CVE request: libpng buffer overflow in png_set_PLTE", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/11/12/2"}, {"name": "SUSE-SU-2016:0269", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"}, {"name": "openSUSE-SU-2016:0105", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html"}, {"name": "FEDORA-2015-97fc1797fa", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html"}, {"name": "openSUSE-SU-2016:0729", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html"}, {"name": "openSUSE-SU-2016:0263", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"}, {"name": "SUSE-SU-2016:0256", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"}, {"name": "FEDORA-2016-43735c33a7", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html"}, {"name": "SUSE-SU-2016:0665", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html"}, {"name": "GLSA-201603-09", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201603-09"}, {"name": "FEDORA-2016-9a1c707b10", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html"}, {"name": "openSUSE-SU-2015:2263", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html"}, {"name": "RHSA-2016:0057", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html"}, {"name": "RHSA-2016:0055", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html"}, {"name": "FEDORA-2015-c80ec85542", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html"}, {"name": "openSUSE-SU-2015:2099", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html"}, {"name": "USN-2815-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2815-1"}, {"name": "RHSA-2016:0056", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html"}, {"name": "openSUSE-SU-2016:0268", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"}, {"name": "FEDORA-2015-4ad4998d00", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html"}, {"name": "RHSA-2015:2594", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html"}, {"name": "FEDORA-2015-233750b6ab", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/chromium/issues/detail?id=560291"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html"}, {"name": "SUSE-SU-2016:0265", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"}, {"name": "openSUSE-SU-2016:0104", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8126", "datePublished": "2015-11-13T02:00:00", "dateReserved": "2015-11-12T00:00:00", "dateUpdated": "2024-08-06T08:13:31.073Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "A81951DF-BEF9-4145-B936-48C031617EA6", "versionEndExcluding": "1.0.64", "vulnerable": true}, {"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FE022C0-5EB8-4B1B-A378-120518DB4CDD", "versionEndExcluding": "1.2.54", "versionStartIncluding": "1.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "A38EFE8E-7569-4DEC-B97C-89A2D3A61C38", "versionEndExcluding": "1.4.17", "versionStartIncluding": "1.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAACE97E-7BF2-485F-A129-1C27B936D392", "versionEndExcluding": "1.5.24", "versionStartIncluding": "1.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "88EAB9A2-8A67-4AE7-BA39-73B219BE34CC", "versionEndExcluding": "1.6.19", "versionStartIncluding": "1.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*", "matchCriteriaId": "17D4B6F2-514D-4BC2-B2C5-4E2FCCAC594C", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*", "matchCriteriaId": "967EC28A-607F-48F4-AD64-5E3041C768F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:*", "matchCriteriaId": "B0AD78A5-E3C8-4CF1-967C-7F934F9DAFE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:*", "matchCriteriaId": "4B0EF44A-833C-4B9D-824A-5E0FFFBA8340", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update65:*:*:*:*:*:*", "matchCriteriaId": "05726B2D-17F9-4192-A570-979BA8F6676E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:*", "matchCriteriaId": "D6C77242-C6FB-4BED-BA51-E9477D64E311", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:*", "matchCriteriaId": "7CB263D7-6718-4BE2-8423-B25FD727915E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:*", "matchCriteriaId": "CB1CAC76-2414-43D0-917D-5C1E60438178", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update65:*:*:*:*:*:*", "matchCriteriaId": "9D58FCAD-3374-40D1-ADD9-E830FC3B497A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:*", "matchCriteriaId": "1475C6EC-E2F6-4881-A89E-FB75C1AD1F20", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", "matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A594A00-699D-4899-AEE5-E6B9B948FB62", "versionEndExcluding": "10.11.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de buffer en las funciones (1) png_set_PLTE y (2) png_get_PLTE en libpng en versiones anteriores a 1.0.64, 1.1.x y 1.2.x en versiones anteriores a 1.2.54, 1.3.x y 1.4.x en versiones anteriores a 1.4.17, 1.5.x en versiones anteriores a 1.5.24 y 1.6.x en versiones anteriores a 1.6.19 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente tener otro impacto no especificado a trav\u00e9s de un valor bit-depth peque\u00f1o en un fragmento IHDR (tambi\u00e9n conocido como image header) en una imagen PNG."}], "id": "CVE-2015-8126", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-11-13T03:59:05.917", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3399"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3507"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/11/12/2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/77568"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1034142"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2815-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2016:1430"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://code.google.com/p/chromium/issues/detail?id=560291"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10148"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201603-09"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201611-08"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/HT206167"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3399"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3507"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/11/12/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/77568"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1034142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2815-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2016:1430"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://code.google.com/p/chromium/issues/detail?id=560291"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10148"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201603-09"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201611-08"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/HT206167"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:0056", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:5", "package": "java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el5_11", "product_name": "Oracle Java for Red Hat Enterprise Linux 5", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0057", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:5", "package": "java-1.6.0-sun-1:1.6.0.111-1jpp.3.el5_11", "product_name": "Oracle Java for Red Hat Enterprise Linux 5", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0055", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el6_7", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0056", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el6_7", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0057", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.6.0-sun-1:1.6.0.111-1jpp.3.el6_7", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0055", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el7", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0056", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.7.0-oracle-1:1.7.0.95-1jpp.2.el7", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0057", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.6.0-sun-1:1.6.0.111-1jpp.1.el7", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0100", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5", "product_name": "Red Hat Enterprise Linux 5 Supplementary", "release_date": "2016-02-02T00:00:00Z"}, {"advisory": "RHSA-2016:0101", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el5", "product_name": "Red Hat Enterprise Linux 5 Supplementary", "release_date": "2016-02-02T00:00:00Z"}, {"advisory": "RHSA-2015:2594", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libpng-2:1.2.49-2.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-12-09T00:00:00Z"}, {"advisory": "RHSA-2016:0099", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.7.1-ibm-1:1.7.1.3.30-1jpp.2.el6_7", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2016-02-02T00:00:00Z"}, {"advisory": "RHSA-2016:0101", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el6_7", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2016-02-02T00:00:00Z"}, {"advisory": "RHSA-2015:2595", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libpng12-0:1.2.50-7.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-12-09T00:00:00Z"}, {"advisory": "RHSA-2015:2596", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libpng-2:1.5.13-7.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-12-09T00:00:00Z"}, {"advisory": "RHSA-2016:0098", "cpe": "cpe:/a:redhat:rhel_extras:7", "package": "java-1.8.0-ibm-1:1.8.0.2.10-1jpp.1.el7", "product_name": "Red Hat Enterprise Linux 7 Supplementary", "release_date": "2016-02-02T00:00:00Z"}, {"advisory": "RHSA-2016:0099", "cpe": "cpe:/a:redhat:rhel_extras:7", "package": "java-1.7.1-ibm-1:1.7.1.3.30-1jpp.1.el7", "product_name": "Red Hat Enterprise Linux 7 Supplementary", "release_date": "2016-02-02T00:00:00Z"}, {"advisory": "RHSA-2016:1430", "cpe": "cpe:/a:redhat:network_satellite:5.6::el5", "package": "java-1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5", "product_name": "Red Hat Satellite 5.6", "release_date": "2016-07-18T00:00:00Z"}, {"advisory": "RHSA-2016:1430", "cpe": "cpe:/a:redhat:network_satellite:5.6::el5", "package": "java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7", "product_name": "Red Hat Satellite 5.6", "release_date": "2016-07-18T00:00:00Z"}, {"advisory": "RHSA-2016:1430", "cpe": "cpe:/a:redhat:network_satellite:5.6::el5", "package": "spacewalk-java-0:2.0.2-109.el5sat", "product_name": "Red Hat Satellite 5.6", "release_date": "2016-07-18T00:00:00Z"}, {"advisory": "RHSA-2016:1430", "cpe": "cpe:/a:redhat:network_satellite:5.7::el6", "package": "java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7", "product_name": "Red Hat Satellite 5.7", "release_date": "2016-07-18T00:00:00Z"}, {"advisory": "RHSA-2016:1430", "cpe": "cpe:/a:redhat:network_satellite:5.7::el6", "package": "spacewalk-java-0:2.3.8-146.el6sat", "product_name": "Red Hat Satellite 5.7", "release_date": "2016-07-18T00:00:00Z"}], "bugzilla": {"description": "libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions", "id": "1281756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281756"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-120", "details": ["Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.", "It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library."], "name": "CVE-2015-8126", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "libpng", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2015-11-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-8126\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8126"], "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object