Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-7981

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

Related bugs and status

CVE-2015-7981 (Candidate) is related to these bugs:

Bug #1516592: CVE-2015-8126: Multiple buffer overflows

		In	Importance	Status
1516592	CVE-2015-8126: Multiple buffer overflows	libpng (Ubuntu)	High	Fix Released
1516592	CVE-2015-8126: Multiple buffer overflows	libpng (Ubuntu Trusty)	High	Fix Released
1516592	CVE-2015-8126: Multiple buffer overflows	libpng (Ubuntu Wily)	High	Fix Released
1516592	CVE-2015-8126: Multiple buffer overflows	libpng (Ubuntu Vivid)	High	Fix Released
1516592	CVE-2015-8126: Multiple buffer overflows	libpng (Ubuntu Precise)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2015102...
MLIST: [oss-security] 2015102...
CONFIRM: http://sourceforge.net...
CONFIRM: http://sourceforge.net...
CONFIRM: http://sourceforge.net...
CONFIRM: http://sourceforge.net...
DEBIAN: DSA-3399
UBUNTU: USN-2815-1
REDHAT: RHSA-2015:2594
REDHAT: RHSA-2015:2595
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
REDHAT: RHSA-2016:1430
BID: 77304
FEDORA: FEDORA-2015-1d87313b7c
FEDORA: FEDORA-2015-501493d853
FEDORA: FEDORA-2015-ec2ddd15d7
SUSE: openSUSE-SU-2015:2099
SUSE: openSUSE-SU-2015:2136
SECTRACK: 1034393
GENTOO: GLSA-201611-08