AZL-44394

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-44394.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-44394

Upstream

CVE-2015-8472

Published

2016-01-21T15:59:00Z

Modified

2026-04-21T04:22:32.127743Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

CVE-2015-8472 affecting package fltk for versions less than 1.3.8-1

Details

Buffer overflow in the pngsetPLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.

References

https://nvd.nist.gov/vuln/detail/CVE-2015-8472

Affected packages

Azure Linux:3 / fltk

Package

Name: fltk
Purl: pkg:rpm/azure-linux/fltk

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.8-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-44394.json"