Description
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
Configuration 9 [-]
|
Configuration 10 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Enterprise Linux 5 Supplementary | |||
| java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5 | cpe:/a:redhat:rhel_extras:5 | RHSA-2016:0100 | 2016-02-02T00:00:00Z |
| java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el5 | cpe:/a:redhat:rhel_extras:5 | RHSA-2016:0101 | 2016-02-02T00:00:00Z |
| Red Hat Enterprise Linux 6 Supplementary | |||
| java-1.7.1-ibm-1:1.7.1.3.30-1jpp.2.el6_7 | cpe:/a:redhat:rhel_extras:6 | RHSA-2016:0099 | 2016-02-02T00:00:00Z |
| java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el6_7 | cpe:/a:redhat:rhel_extras:6 | RHSA-2016:0101 | 2016-02-02T00:00:00Z |
| Red Hat Enterprise Linux 7 Supplementary | |||
| java-1.7.1-ibm-1:1.7.1.3.30-1jpp.1.el7 | cpe:/a:redhat:rhel_extras:7 | RHSA-2016:0099 | 2016-02-02T00:00:00Z |
| Red Hat Satellite 5.6 | |||
| java-1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5 | cpe:/a:redhat:network_satellite:5.6::el5 | RHSA-2016:1430 | 2016-07-18T00:00:00Z |
| java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7 | cpe:/a:redhat:network_satellite:5.6::el5 | RHSA-2016:1430 | 2016-07-18T00:00:00Z |
| spacewalk-java-0:2.0.2-109.el5sat | cpe:/a:redhat:network_satellite:5.6::el5 | RHSA-2016:1430 | 2016-07-18T00:00:00Z |
| Red Hat Satellite 5.7 | |||
| java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7 | cpe:/a:redhat:network_satellite:5.7::el6 | RHSA-2016:1430 | 2016-07-18T00:00:00Z |
| spacewalk-java-0:2.3.8-146.el6sat | cpe:/a:redhat:network_satellite:5.7::el6 | RHSA-2016:1430 | 2016-07-18T00:00:00Z |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-375-1 | libpng security update |
 Debian DSA |
DSA-3443-1 | libpng security update |
 Ubuntu USN |
USN-2861-1 | libpng vulnerabilities |
References
History
Sun, 13 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Subscriptions
Debian
Subscribe
Debian Linux
Subscribe
Fedoraproject
Subscribe
Fedora
Subscribe
Libpng
Subscribe
Libpng
Subscribe
Redhat
Subscribe
Enterprise Linux Desktop Supplementary
Subscribe
Enterprise Linux Hpc Node
Subscribe
Enterprise Linux Server Supplementary
Subscribe
Enterprise Linux Workstation Supplementary
Subscribe
Network Satellite
Subscribe
Rhel Extras
Subscribe
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T08:20:42.512Z
Reserved: 2015-12-10T00:00:00.000Z
Link: CVE-2015-8540
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2016-04-14T14:59:03.287
Modified: 2025-04-12T10:46:40.837
Link: CVE-2015-8540
Redhat
OpenCVE Enrichment
No data.