CVE-2015-8126
Summary
| CVE | CVE-2015-8126 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-11-13 03:59:00 UTC |
| Updated | 2022-05-13 14:57:00 UTC |
| Description | Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. |
Risk And Classification
Problem Types: CWE-120
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Mac Os X | All | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 21 | All | All | All |
| Operating System | Fedoraproject | Fedora | 22 | All | All | All |
| Operating System | Fedoraproject | Fedora | 23 | All | All | All |
| Application | Libpng | Libpng | All | All | All | All |
| Operating System | Opensuse | Leap | 42.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
| Application | Oracle | Jdk | 1.6.0 | update105 | All | All |
| Application | Oracle | Jdk | 1.6.0 | update_105 | All | All |
| Application | Oracle | Jdk | 1.7.0 | update91 | All | All |
| Application | Oracle | Jdk | 1.7.0 | update_91 | All | All |
| Application | Oracle | Jdk | 1.8.0 | update65 | All | All |
| Application | Oracle | Jdk | 1.8.0 | update66 | All | All |
| Application | Oracle | Jre | 1.6.0 | update105 | All | All |
| Application | Oracle | Jre | 1.6.0 | update_105 | All | All |
| Application | Oracle | Jre | 1.7.0 | update91 | All | All |
| Application | Oracle | Jre | 1.7.0 | update_91 | All | All |
| Application | Oracle | Jre | 1.8.0 | update65 | All | All |
| Application | Oracle | Jre | 1.8.0 | update66 | All | All |
| Application | Oracle | Jre | 1.8.0 | update_65 | All | All |
| Application | Oracle | Jre | 1.8.0 | update_66 | All | All |
| Operating System | Oracle | Linux | 6 | - | All | All |
| Operating System | Oracle | Linux | 7 | - | All | All |
| Operating System | Oracle | Solaris | 11.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 6.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Application | Redhat | Satellite | 5.6 | All | All | All |
| Application | Redhat | Satellite | 5.7 | All | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 11 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 12 | - | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 12 | sp1 | All | All |
| Operating System | Suse | Linux Enterprise Server | 12 | - | All | All |
| Operating System | Suse | Linux Enterprise Server | 12 | sp1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [security-announce] openSUSE-SU-2016:0684-1: important: Security update | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [security-announce] openSUSE-SU-2016:0263-1: critical: Security update f | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002 | APPLE | lists.apple.com | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 21 Update: libpng10-1.0.64-1.fc21 | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| openSUSE-SU-2015:2263-1: moderate: Security update for libpng12 | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [security-announce] openSUSE-SU-2016:0664-1: important: Security update | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Debian -- Security Information -- DSA-3507-1 chromium-browser | DEBIAN | www.debian.org | Third Party Advisory |
| [SECURITY] Fedora 23 Update: libpng10-1.0.64-1.fc23 | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| oss-security - CVE request: libpng buffer overflow in png_set_PLTE | MLIST | www.openwall.com | Mailing List, Third Party Advisory |
| [security-announce] openSUSE-SU-2015:2099-1: important: Security update | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| 560291 - Security: security vulnerabilities in libpng (CVE-2015-7981, CVE-2015-8126) - chromium - Monorail | CONFIRM | code.google.com | Issue Tracking, Patch, Third Party Advisory |
| Pony Mail! | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| [SECURITY] Fedora 22 Update: libpng10-1.0.64-1.fc22 | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| openSUSE-SU-2015:2136-1: moderate: Security update for libpng12 | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 23 Update: mingw-libpng-1.6.21-1.fc23 | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| Debian -- Security Information -- DSA-3399-1 libpng | DEBIAN | www.debian.org | Third Party Advisory |
| libpng: Multiple vulnerabilities (GLSA 201611-08) — Gentoo security | GENTOO | security.gentoo.org | Third Party Advisory |
| [security-announce] SUSE-SU-2016:0265-1: critical: Security update for j | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| libpng Buffer Overflow in png_set_PLTE()/png_get_PLTE() Files Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| [SECURITY] Fedora 22 Update: mingw-libpng-1.6.21-1.fc22 | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| [SECURITY] Fedora 23 Update: libpng-1.6.17-3.fc23 | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| [security-announce] openSUSE-SU-2016:0270-1: critical: Security update f | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 23 Update: mingw-libpng-1.6.19-1.fc23 | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| [SECURITY] Fedora 23 Update: libpng-1.6.17-4.fc23 | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| libpng CVE-2015-8126 Multiple Heap Based Buffer Overflow Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| openSUSE-SU-2016:0104-1: moderate: Security update for libpng15 | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [security-announce] SUSE-SU-2016:0256-1: critical: Security update for j | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 22 Update: mingw-libpng-1.6.19-1.fc22 | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| [SECURITY] Fedora 23 Update: libpng15-1.5.25-1.fc23 | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| [security-announce] openSUSE-SU-2015:2100-1: important: Security update | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| [SECURITY] Fedora 22 Update: libpng15-1.5.25-1.fc22 | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| [security-announce] openSUSE-SU-2016:0272-1: important: Security update | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [security-announce] openSUSE-SU-2016:0729-1: important: Security update | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Oracle Linux Bulletin - October 2015 | CONFIRM | www.oracle.com | Third Party Advisory |
| McAfee KnowledgeBase - Intel Security - Security Bulletin: ePolicy Orchestrator update fixes multiple Oracle Java vulnerabilities | CONFIRM | kc.mcafee.com | Third Party Advisory |
| openSUSE-SU-2016:0105-1: moderate: Security update for libpng16 | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| [security-announce] openSUSE-SU-2016:0268-1: critical: Security update f | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Chrome Releases: Stable Channel Update | CONFIRM | googlechromereleases.blogspot.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| openSUSE-SU-2016:0103-1: moderate: Security update for libpng12 | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Chromium: Multiple vulnerabilities (GLSA 201603-09) — Gentoo security | GENTOO | security.gentoo.org | Third Party Advisory |
| About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 - Apple Support | CONFIRM | support.apple.com | Third Party Advisory |
| [security-announce] SUSE-SU-2016:0665-1: important: Security update for | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [security-announce] openSUSE-SU-2016:0279-1: critical: Security update f | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| openSUSE-SU-2015:2135-1: moderate: Security update for libpng16 | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| USN-2815-1: libpng vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| [security-announce] SUSE-SU-2016:0269-1: critical: Security update for j | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| openSUSE-SU-2015:2262-1: moderate: Security update for libpng16 | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Oracle Critical Patch Update - January 2016 | CONFIRM | www.oracle.com | Third Party Advisory |
| Oracle Solaris Bulletin - July 2016 | CONFIRM | www.oracle.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.