CVE-2015-7981
24.11.2015, 20:59
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 15.04 |
| canonical | ubuntu_linux | 15.10 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_hpc_node | 7.0 |
| redhat | enterprise_linux_hpc_node_eus | 7.2 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.2 |
| redhat | enterprise_linux_server_eus | 7.2 |
| redhat | enterprise_linux_workstation | 7.0 |
| libpng | libpng | 1.0.0 |
| libpng | libpng | 1.0.1 |
| libpng | libpng | 1.0.2 |
| libpng | libpng | 1.0.3 |
| libpng | libpng | 1.0.5 |
| libpng | libpng | 1.0.6 |
| libpng | libpng | 1.0.7 |
| libpng | libpng | 1.0.8 |
| libpng | libpng | 1.0.9 |
| libpng | libpng | 1.0.10 |
| libpng | libpng | 1.0.11 |
| libpng | libpng | 1.0.12 |
| libpng | libpng | 1.0.13 |
| libpng | libpng | 1.0.14 |
| libpng | libpng | 1.0.15 |
| libpng | libpng | 1.0.16 |
| libpng | libpng | 1.0.17 |
| libpng | libpng | 1.0.18 |
| libpng | libpng | 1.0.19 |
| libpng | libpng | 1.0.20 |
| libpng | libpng | 1.0.21 |
| libpng | libpng | 1.0.22 |
| libpng | libpng | 1.0.23 |
| libpng | libpng | 1.0.24 |
| libpng | libpng | 1.0.25 |
| libpng | libpng | 1.0.26 |
| libpng | libpng | 1.0.27 |
| libpng | libpng | 1.0.28 |
| libpng | libpng | 1.0.29 |
| libpng | libpng | 1.0.30 |
| libpng | libpng | 1.0.31 |
| libpng | libpng | 1.0.32 |
| libpng | libpng | 1.0.33 |
| libpng | libpng | 1.0.34 |
| libpng | libpng | 1.0.35 |
| libpng | libpng | 1.0.37 |
| libpng | libpng | 1.0.38 |
| libpng | libpng | 1.0.39 |
| libpng | libpng | 1.0.40 |
| libpng | libpng | 1.0.41 |
| libpng | libpng | 1.0.42 |
| libpng | libpng | 1.0.43 |
| libpng | libpng | 1.0.44 |
| libpng | libpng | 1.0.45 |
| libpng | libpng | 1.0.46 |
| libpng | libpng | 1.0.47 |
| libpng | libpng | 1.0.48 |
| libpng | libpng | 1.0.50 |
| libpng | libpng | 1.0.51 |
| libpng | libpng | 1.0.52 |
| libpng | libpng | 1.0.53 |
| libpng | libpng | 1.0.54 |
| libpng | libpng | 1.0.55 |
| libpng | libpng | 1.0.55:rc01 |
| libpng | libpng | 1.0.56 |
| libpng | libpng | 1.0.56:devel |
| libpng | libpng | 1.0.57 |
| libpng | libpng | 1.0.57:rc01 |
| libpng | libpng | 1.0.58 |
| libpng | libpng | 1.0.59 |
| libpng | libpng | 1.0.60 |
| libpng | libpng | 1.0.61 |
| libpng | libpng | 1.0.62 |
| libpng | libpng | 1.0.63 |
| libpng | libpng | 1.2.0 |
| libpng | libpng | 1.2.1 |
| libpng | libpng | 1.2.2 |
| libpng | libpng | 1.2.3 |
| libpng | libpng | 1.2.4 |
| libpng | libpng | 1.2.5 |
| libpng | libpng | 1.2.6 |
| libpng | libpng | 1.2.7 |
| libpng | libpng | 1.2.8 |
| libpng | libpng | 1.2.9 |
| libpng | libpng | 1.2.10 |
| libpng | libpng | 1.2.11 |
| libpng | libpng | 1.2.12 |
| libpng | libpng | 1.2.13 |
| libpng | libpng | 1.2.14 |
| libpng | libpng | 1.2.15 |
| libpng | libpng | 1.2.16 |
| libpng | libpng | 1.2.17 |
| libpng | libpng | 1.2.18 |
| libpng | libpng | 1.2.19 |
| libpng | libpng | 1.2.20 |
| libpng | libpng | 1.2.21 |
| libpng | libpng | 1.2.22 |
| libpng | libpng | 1.2.23 |
| libpng | libpng | 1.2.24 |
| libpng | libpng | 1.2.25 |
| libpng | libpng | 1.2.26 |
| libpng | libpng | 1.2.27 |
| libpng | libpng | 1.2.28 |
| libpng | libpng | 1.2.29 |
| libpng | libpng | 1.2.30 |
| libpng | libpng | 1.2.31 |
| libpng | libpng | 1.2.32 |
| libpng | libpng | 1.2.33 |
| libpng | libpng | 1.2.34 |
| libpng | libpng | 1.2.35 |
| libpng | libpng | 1.2.36 |
| libpng | libpng | 1.2.37 |
| libpng | libpng | 1.2.38 |
| libpng | libpng | 1.2.39 |
| libpng | libpng | 1.2.40 |
| libpng | libpng | 1.2.41 |
| libpng | libpng | 1.2.42 |
| libpng | libpng | 1.2.43 |
| libpng | libpng | 1.2.43:devel |
| libpng | libpng | 1.2.44 |
| libpng | libpng | 1.2.45 |
| libpng | libpng | 1.2.45:devel |
| libpng | libpng | 1.2.46 |
| libpng | libpng | 1.2.46:devel |
| libpng | libpng | 1.2.47 |
| libpng | libpng | 1.2.47:beta |
| libpng | libpng | 1.2.48 |
| libpng | libpng | 1.2.48:betas |
| libpng | libpng | 1.2.49 |
| libpng | libpng | 1.2.50 |
| libpng | libpng | 1.2.51 |
| libpng | libpng | 1.2.52 |
| libpng | libpng | 1.2.53 |
| libpng | libpng | 1.4.0 |
| libpng | libpng | 1.4.1 |
| libpng | libpng | 1.4.2 |
| libpng | libpng | 1.4.3 |
| libpng | libpng | 1.4.4 |
| libpng | libpng | 1.4.5 |
| libpng | libpng | 1.4.6 |
| libpng | libpng | 1.4.7 |
| libpng | libpng | 1.4.8 |
| libpng | libpng | 1.4.9 |
| libpng | libpng | 1.4.10 |
| libpng | libpng | 1.4.11 |
| libpng | libpng | 1.4.12 |
| libpng | libpng | 1.4.13 |
| libpng | libpng | 1.4.14 |
| libpng | libpng | 1.4.15 |
| libpng | libpng | 1.4.16 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_hpc_node | 6.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server_eus | 6.7.z:z |
| redhat | enterprise_linux_workstation | 6.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| chromium-browser |
| ||||||||
| firefox |
| ||||||||
| libpng |
| ||||||||
| thunderbird |
|
openSUSE / SLES Releases
Red Hat Enterprise Linux Releases
Red Hat Product | |||||
|---|---|---|---|---|---|
| java-1.6.0-ibm |
| ||||
| java-1.6.0-ibm-demo |
| ||||
| java-1.6.0-ibm-devel |
| ||||
| java-1.6.0-ibm-javacomm |
| ||||
| java-1.6.0-ibm-jdbc |
| ||||
| java-1.6.0-ibm-plugin |
| ||||
| java-1.6.0-ibm-src |
| ||||
| java-1.7.1-ibm |
| ||||
| java-1.7.1-ibm-demo |
| ||||
| java-1.7.1-ibm-devel |
| ||||
| java-1.7.1-ibm-jdbc |
| ||||
| java-1.7.1-ibm-plugin |
| ||||
| java-1.7.1-ibm-src |
| ||||
| libpng |
| ||||
| libpng-devel |
| ||||
| libpng-static |
| ||||
| libpng12 |
| ||||
| libpng12-devel |
|
Common Weakness Enumeration
References