Detections
Analytics

CVE-2015-7981

medium

Description

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

References

https://security.gentoo.org/glsa/201611-08

https://access.redhat.com/errata/RHSA-2016:1430

http://www.ubuntu.com/usn/USN-2815-1

http://www.securitytracker.com/id/1034393

http://www.securityfocus.com/bid/77304

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

http://www.openwall.com/lists/oss-security/2015/10/26/3

http://www.openwall.com/lists/oss-security/2015/10/26/1

http://www.debian.org/security/2015/dsa-3399

http://sourceforge.net/projects/libpng/files/libpng12/1.2.54/

http://sourceforge.net/projects/libpng/files/libpng10/1.0.64/

http://sourceforge.net/p/libpng/bugs/241/

http://rhn.redhat.com/errata/RHSA-2015-2595.html

http://rhn.redhat.com/errata/RHSA-2015-2594.html

http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html

Details

Source: Mitre, NVD

Published: 2015-11-24

Updated: 2017-07-01

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: Medium