Libpng
CVE-2015-8126
HIGH
Severity by source
AV:N/AC:L/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
AnalysisAI
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Technical ContextAI
This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. Affected products include: Libpng, Fedoraproject Fedora, Opensuse Leap, Opensuse, Suse Linux Enterprise Desktop. Version information: before 1.0.64.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows
Denial of service (with limited memory disclosure) in libpng before 1.6.55 lets an attacker supply a specially crafted b
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL poi
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics)
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics)
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics)
png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. Rated medium severity (CVS
An issue has been found in libpng 1.6.34. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable,
Libpng versions 1.6.51-1.6.53 contain a heap buffer over-read in the simplified API function png_image_finish_read when
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_creat
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngim
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today