UBUNTU-CVE-2015-8540
- Source
- https://ubuntu.com/security/CVE-2015-8540
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-8540.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-8540
- Related
- Published
- 2015-12-11T00:00:00Z
- Modified
- 2015-12-11T00:00:00Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Integer underflow in the pngcheckkeyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
- References
Affected packages
Ubuntu:14.04:LTS / libpng
Package
- Name
- libpng
- Purl
- pkg:deb/ubuntu/libpng?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.50-1ubuntu2.14.04.2
Affected versions
1.*
1.2.49-4ubuntu1
1.2.49-5ubuntu1
1.2.50-1ubuntu1
1.2.50-1ubuntu2
1.2.50-1ubuntu2.14.04.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1.2.50-1ubuntu2.14.04.2",
"binary_name": "libpng12-0"
},
{
"binary_version": "1.2.50-1ubuntu2.14.04.2",
"binary_name": "libpng12-0-dbgsym"
},
{
"binary_version": "1.2.50-1ubuntu2.14.04.2",
"binary_name": "libpng12-0-udeb"
},
{
"binary_version": "1.2.50-1ubuntu2.14.04.2",
"binary_name": "libpng12-0-udeb-dbgsym"
},
{
"binary_version": "1.2.50-1ubuntu2.14.04.2",
"binary_name": "libpng12-dev"
},
{
"binary_version": "1.2.50-1ubuntu2.14.04.2",
"binary_name": "libpng3"
}
]
}