CVE-2015-8126 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 89%

Vendor	Product	Version
libpng	libpng	𝑥 < 1.0.64
libpng	libpng	1.1.1 ≤ 𝑥 < 1.2.54
libpng	libpng	1.3.0 ≤ 𝑥 < 1.4.17
libpng	libpng	1.5.0 ≤ 𝑥 < 1.5.24
libpng	libpng	1.6.0 ≤ 𝑥 < 1.6.19
opensuse	leap	42.1
opensuse	opensuse	13.1
opensuse	opensuse	13.2
debian	debian_linux	7.0
debian	debian_linux	8.0
debian	debian_linux	9.0
redhat	satellite	5.7
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	6.7
redhat	enterprise_linux_eus	7.2
redhat	enterprise_linux_eus	7.3
redhat	enterprise_linux_eus	7.4
redhat	enterprise_linux_eus	7.5
redhat	enterprise_linux_eus	7.6
redhat	enterprise_linux_eus	7.7
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.2
redhat	enterprise_linux_server_aus	7.3
redhat	enterprise_linux_server_aus	7.4
redhat	enterprise_linux_server_aus	7.6
redhat	enterprise_linux_server_aus	7.7
redhat	enterprise_linux_server_tus	7.2
redhat	enterprise_linux_server_tus	7.3
redhat	enterprise_linux_server_tus	7.6
redhat	enterprise_linux_server_tus	7.7
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
redhat	satellite	5.6
oracle	jdk	1.6.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	1.8.0
oracle	jre	1.6.0
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	1.8.0
oracle	solaris	11.3
apple	mac_os_x	𝑥 < 10.11.4
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	15.04
canonical	ubuntu_linux	15.10

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

chromium-browser

wily	not-affected
vivid	not-affected
trusty	dne
precise	not-affected

firefox

wily	not-affected
vivid	not-affected
trusty	dne
precise	not-affected

libpng

wily	Fixed 1.2.51-0ubuntu3.15.10.1 released
vivid	Fixed 1.2.51-0ubuntu3.15.04.1 released
trusty	Fixed 1.2.50-1ubuntu2.14.04.1 released
precise	Fixed 1.2.46-3ubuntu4.1 released

openjdk-6

wily	not-affected
vivid	not-affected
trusty	dne
precise	not-affected

openjdk-7

wily	not-affected
vivid	not-affected
trusty	dne
precise	not-affected

openjdk-8

wily	not-affected
vivid	not-affected
trusty	dne
precise	dne

thunderbird

wily	not-affected
vivid	not-affected
trusty	dne
precise	not-affected

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html

http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html

http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html

http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html

http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html

http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html

http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html

http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html

http://rhn.redhat.com/errata/RHSA-2015-2594.html

http://rhn.redhat.com/errata/RHSA-2015-2595.html

http://rhn.redhat.com/errata/RHSA-2015-2596.html

http://rhn.redhat.com/errata/RHSA-2016-0055.html

http://rhn.redhat.com/errata/RHSA-2016-0056.html

http://rhn.redhat.com/errata/RHSA-2016-0057.html

http://www.debian.org/security/2015/dsa-3399

http://www.debian.org/security/2016/dsa-3507

http://www.openwall.com/lists/oss-security/2015/11/12/2

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/77568

http://www.securitytracker.com/id/1034142

http://www.ubuntu.com/usn/USN-2815-1

https://access.redhat.com/errata/RHSA-2016:1430

https://code.google.com/p/chromium/issues/detail?id=560291

https://kc.mcafee.com/corporate/index?page=content&id=SB10148

https://security.gentoo.org/glsa/201603-09

https://security.gentoo.org/glsa/201611-08

https://support.apple.com/HT206167

http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html

http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html

http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html

http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html

http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html

http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html

http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html

http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html

http://rhn.redhat.com/errata/RHSA-2015-2594.html

http://rhn.redhat.com/errata/RHSA-2015-2595.html

http://rhn.redhat.com/errata/RHSA-2015-2596.html

http://rhn.redhat.com/errata/RHSA-2016-0055.html

http://rhn.redhat.com/errata/RHSA-2016-0056.html

http://rhn.redhat.com/errata/RHSA-2016-0057.html

http://www.debian.org/security/2015/dsa-3399

http://www.debian.org/security/2016/dsa-3507

http://www.openwall.com/lists/oss-security/2015/11/12/2

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/77568

http://www.securitytracker.com/id/1034142

http://www.ubuntu.com/usn/USN-2815-1

https://access.redhat.com/errata/RHSA-2016:1430

https://code.google.com/p/chromium/issues/detail?id=560291

https://kc.mcafee.com/corporate/index?page=content&id=SB10148

https://security.gentoo.org/glsa/201603-09

https://security.gentoo.org/glsa/201611-08

https://support.apple.com/HT206167