CVE-2015-7981

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
15.04
canonicalubuntu_linux
15.10
debiandebian_linux
7.0
debiandebian_linux
8.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_hpc_node
7.0
redhatenterprise_linux_hpc_node_eus
7.2
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.2
redhatenterprise_linux_server_eus
7.2
redhatenterprise_linux_workstation
7.0
libpnglibpng
1.0.0
libpnglibpng
1.0.1
libpnglibpng
1.0.2
libpnglibpng
1.0.3
libpnglibpng
1.0.5
libpnglibpng
1.0.6
libpnglibpng
1.0.7
libpnglibpng
1.0.8
libpnglibpng
1.0.9
libpnglibpng
1.0.10
libpnglibpng
1.0.11
libpnglibpng
1.0.12
libpnglibpng
1.0.13
libpnglibpng
1.0.14
libpnglibpng
1.0.15
libpnglibpng
1.0.16
libpnglibpng
1.0.17
libpnglibpng
1.0.18
libpnglibpng
1.0.19
libpnglibpng
1.0.20
libpnglibpng
1.0.21
libpnglibpng
1.0.22
libpnglibpng
1.0.23
libpnglibpng
1.0.24
libpnglibpng
1.0.25
libpnglibpng
1.0.26
libpnglibpng
1.0.27
libpnglibpng
1.0.28
libpnglibpng
1.0.29
libpnglibpng
1.0.30
libpnglibpng
1.0.31
libpnglibpng
1.0.32
libpnglibpng
1.0.33
libpnglibpng
1.0.34
libpnglibpng
1.0.35
libpnglibpng
1.0.37
libpnglibpng
1.0.38
libpnglibpng
1.0.39
libpnglibpng
1.0.40
libpnglibpng
1.0.41
libpnglibpng
1.0.42
libpnglibpng
1.0.43
libpnglibpng
1.0.44
libpnglibpng
1.0.45
libpnglibpng
1.0.46
libpnglibpng
1.0.47
libpnglibpng
1.0.48
libpnglibpng
1.0.50
libpnglibpng
1.0.51
libpnglibpng
1.0.52
libpnglibpng
1.0.53
libpnglibpng
1.0.54
libpnglibpng
1.0.55
libpnglibpng
1.0.55:rc01
libpnglibpng
1.0.56
libpnglibpng
1.0.56:devel
libpnglibpng
1.0.57
libpnglibpng
1.0.57:rc01
libpnglibpng
1.0.58
libpnglibpng
1.0.59
libpnglibpng
1.0.60
libpnglibpng
1.0.61
libpnglibpng
1.0.62
libpnglibpng
1.0.63
libpnglibpng
1.2.0
libpnglibpng
1.2.1
libpnglibpng
1.2.2
libpnglibpng
1.2.3
libpnglibpng
1.2.4
libpnglibpng
1.2.5
libpnglibpng
1.2.6
libpnglibpng
1.2.7
libpnglibpng
1.2.8
libpnglibpng
1.2.9
libpnglibpng
1.2.10
libpnglibpng
1.2.11
libpnglibpng
1.2.12
libpnglibpng
1.2.13
libpnglibpng
1.2.14
libpnglibpng
1.2.15
libpnglibpng
1.2.16
libpnglibpng
1.2.17
libpnglibpng
1.2.18
libpnglibpng
1.2.19
libpnglibpng
1.2.20
libpnglibpng
1.2.21
libpnglibpng
1.2.22
libpnglibpng
1.2.23
libpnglibpng
1.2.24
libpnglibpng
1.2.25
libpnglibpng
1.2.26
libpnglibpng
1.2.27
libpnglibpng
1.2.28
libpnglibpng
1.2.29
libpnglibpng
1.2.30
libpnglibpng
1.2.31
libpnglibpng
1.2.32
libpnglibpng
1.2.33
libpnglibpng
1.2.34
libpnglibpng
1.2.35
libpnglibpng
1.2.36
libpnglibpng
1.2.37
libpnglibpng
1.2.38
libpnglibpng
1.2.39
libpnglibpng
1.2.40
libpnglibpng
1.2.41
libpnglibpng
1.2.42
libpnglibpng
1.2.43
libpnglibpng
1.2.43:devel
libpnglibpng
1.2.44
libpnglibpng
1.2.45
libpnglibpng
1.2.45:devel
libpnglibpng
1.2.46
libpnglibpng
1.2.46:devel
libpnglibpng
1.2.47
libpnglibpng
1.2.47:beta
libpnglibpng
1.2.48
libpnglibpng
1.2.48:betas
libpnglibpng
1.2.49
libpnglibpng
1.2.50
libpnglibpng
1.2.51
libpnglibpng
1.2.52
libpnglibpng
1.2.53
libpnglibpng
1.4.0
libpnglibpng
1.4.1
libpnglibpng
1.4.2
libpnglibpng
1.4.3
libpnglibpng
1.4.4
libpnglibpng
1.4.5
libpnglibpng
1.4.6
libpnglibpng
1.4.7
libpnglibpng
1.4.8
libpnglibpng
1.4.9
libpnglibpng
1.4.10
libpnglibpng
1.4.11
libpnglibpng
1.4.12
libpnglibpng
1.4.13
libpnglibpng
1.4.14
libpnglibpng
1.4.15
libpnglibpng
1.4.16
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_hpc_node
6.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server_eus
6.7.z:z
redhatenterprise_linux_workstation
6.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
wily
not-affected
vivid
not-affected
trusty
dne
precise
not-affected
firefox
wily
not-affected
vivid
not-affected
trusty
dne
precise
not-affected
libpng
wily
Fixed 1.2.51-0ubuntu3.15.10.1
released
vivid
Fixed 1.2.51-0ubuntu3.15.04.1
released
trusty
Fixed 1.2.50-1ubuntu2.14.04.1
released
precise
Fixed 1.2.46-3ubuntu4.1
released
thunderbird
wily
not-affected
vivid
not-affected
trusty
dne
precise
not-affected
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html
http://rhn.redhat.com/errata/RHSA-2015-2594.html
http://rhn.redhat.com/errata/RHSA-2015-2595.html
http://sourceforge.net/p/libpng/bugs/241/
http://sourceforge.net/projects/libpng/files/libpng10/1.0.64/
http://sourceforge.net/projects/libpng/files/libpng12/1.2.54/
http://sourceforge.net/projects/libpng/files/libpng14/1.4.17/
http://www.debian.org/security/2015/dsa-3399
http://www.openwall.com/lists/oss-security/2015/10/26/1
http://www.openwall.com/lists/oss-security/2015/10/26/3
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/77304
http://www.securitytracker.com/id/1034393
http://www.ubuntu.com/usn/USN-2815-1
https://access.redhat.com/errata/RHSA-2016:1430
https://security.gentoo.org/glsa/201611-08
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html
http://rhn.redhat.com/errata/RHSA-2015-2594.html
http://rhn.redhat.com/errata/RHSA-2015-2595.html
http://sourceforge.net/p/libpng/bugs/241/
http://sourceforge.net/projects/libpng/files/libpng10/1.0.64/
http://sourceforge.net/projects/libpng/files/libpng12/1.2.54/
http://sourceforge.net/projects/libpng/files/libpng14/1.4.17/
http://www.debian.org/security/2015/dsa-3399
http://www.openwall.com/lists/oss-security/2015/10/26/1
http://www.openwall.com/lists/oss-security/2015/10/26/3
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/77304
http://www.securitytracker.com/id/1034393
http://www.ubuntu.com/usn/USN-2815-1
https://access.redhat.com/errata/RHSA-2016:1430
https://security.gentoo.org/glsa/201611-08