what you don't know can hurt you
Showing 1 - 10 of 10 RSS Feed

CVE-2015-7981

Status Candidate

Overview

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

Related Files

Gentoo Linux Security Advisory 201611-08
Posted Nov 15, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-8 - Multiple vulnerabilities have been found in libpng, the worst of which may allow remote attackers to cause Denial of Service. Versions less than 1.6.21 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2015-7981, CVE-2015-8126, CVE-2015-8540
MD5 | 338856826bc1860d823880ef2a6c740d
Red Hat Security Advisory 2016-1430-01
Posted Jul 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1430-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to versions 7 SR9-FP40 and 7R1 SR3-FP40. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376
MD5 | 8af2699b85d3c9ec404c4455e539b6f4
Red Hat Security Advisory 2016-0101-01
Posted Feb 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0101-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494
MD5 | 9acfd3b5e4941b395c7820f9d0eb4298
Red Hat Security Advisory 2016-0099-01
Posted Feb 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0099-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494
MD5 | fefe5243d862c1c80e08e69d52faae0d
Red Hat Security Advisory 2016-0100-01
Posted Feb 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0100-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494
MD5 | 360858236a9feaee389d66affabe62fb
Red Hat Security Advisory 2015-2594-01
Posted Dec 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2594-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-7981, CVE-2015-8126, CVE-2015-8472
MD5 | 5eae6c77d390745cf6a6326945449864
Red Hat Security Advisory 2015-2595-01
Posted Dec 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2595-01 - The libpng12 packages contain a library of functions for creating and manipulating PNG image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-7981, CVE-2015-8126, CVE-2015-8472
MD5 | 5e87081c29a5a4c567a58e96135e9230
Slackware Security Advisory - libpng Updates
Posted Dec 3, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-7981
MD5 | 6b33b74cf7e84be4db2211c0e73b8088
Ubuntu Security Notice USN-2815-1
Posted Nov 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2815-1 - Mikulas Patocka discovered that libpng incorrectly handled certain large fields. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause libpng to crash, leading to a denial of service. This issue only affected Ubuntu 12.04 LTS. Qixue Xiao discovered that libpng incorrectly handled certain time values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause libpng to crash, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-3425, CVE-2015-7981, CVE-2015-8126
MD5 | 201bef84a36d4a9c9284745646519594
Debian Security Advisory 3399-1
Posted Nov 19, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3399-1 - Several vulnerabilities have been discovered in the libpng PNG library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-7981, CVE-2015-8126
MD5 | a1b2d285dddbe99c7b148802d2b4c4ed
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close