CVE-2015-8540

Published: August 31, 2023Last modified: August 31, 2023

Description

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

Severity score breakdown

Status

References

• http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html
• http://sourceforge.net/p/libpng/bugs/244/
• http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/
• http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/
• http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/
• http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/
• http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/
• http://www.debian.org/security/2016/dsa-3443
• http://www.openwall.com/lists/oss-security/2015/12/10/6
• http://www.openwall.com/lists/oss-security/2015/12/10/7
• http://www.openwall.com/lists/oss-security/2015/12/11/1
• http://www.openwall.com/lists/oss-security/2015/12/11/2
• http://www.openwall.com/lists/oss-security/2015/12/17/10
• http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
• http://www.securityfocus.com/bid/80592
• https://access.redhat.com/errata/RHSA-2016:1430
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
• https://security.gentoo.org/glsa/201611-08