CVE-2015-7981

Description

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

CVSS Metrics

• v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 1.69%• Percentile: 83%

Techniques & Countermeasures

• CWE-200•Exposure of Sensitive Information to an Unauthorized Actor

  The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

• canonical•ubuntu_linux

  12.04 | 14.04 | 15.04 | 15.10

• debian•debian_linux

  7.0 | 8.0

• libpng•libpng

  1.00 | 1.0.1 | 1.0.2 | 1.0.3 | 1.0.5 | 1.0.6 | 1.0.7 | 1.0.8 | 1.0.9 | 1.0.10 | 1.0.11 | 1.0.12 | 1.0.13 | 1.0.14 | 1.0.15 | 1.0.16 | 1.0.17 | 1.0.18 | 1.0.19 | 1.0.20 | 1.0.21 | 1.0.22 | 1.0.23 | 1.0.24 | 1.0.25 | 1.0.26 | 1.0.27 | 1.0.28 | 1.0.29 | 1.0.30 | 1.0.31 | 1.0.32 | 1.0.33 | 1.0.34 | 1.0.35 | 1.0.37 | 1.0.38 | 1.0.39 | 1.0.40 | 1.0.41 | 1.0.42 | 1.0.43 | 1.0.44 | 1.0.45 | 1.0.46 | 1.0.47 | 1.0.48 | 1.0.50 | 1.0.51 | 1.0.52 | 1.0.53 | 1.0.54 | 1.0.55 | 1.0.55:rc01 | 1.0.56 | 1.0.56:devel | 1.0.57 | 1.0.57:rc01 | 1.0.58 | 1.0.59 | 1.0.60 | 1.0.61 | 1.0.62 | 1.0.63 | 1.2.0 | 1.2.1 | 1.2.2 | 1.2.3 | 1.2.4 | 1.2.5 | 1.2.6 | 1.2.7 | 1.2.8 | 1.2.9 | 1.2.10 | 1.2.11 | 1.2.12 | 1.2.13 | 1.2.14 | 1.2.15 | 1.2.16 | 1.2.17 | 1.2.18 | 1.2.19 | 1.2.20 | 1.2.21 | 1.2.22 | 1.2.23 | 1.2.24 | 1.2.25 | 1.2.26 | 1.2.27 | 1.2.28 | 1.2.29 | 1.2.30 | 1.2.31 | 1.2.32 | 1.2.33 | 1.2.34 | 1.2.35 | 1.2.36 | 1.2.37 | 1.2.38 | 1.2.39 | 1.2.40 | 1.2.41 | 1.2.42 | 1.2.43 | 1.2.43:devel | 1.2.44 | 1.2.45 | 1.2.45:devel | 1.2.46 | 1.2.46:devel | 1.2.47 | 1.2.47:beta | 1.2.48 | 1.2.48:betas | 1.2.49 | 1.2.50 | 1.2.51 | 1.2.52 | 1.2.53 | 1.4.0 | 1.4.1 | 1.4.2 | 1.4.3 | 1.4.4 | 1.4.5 | 1.4.6 | 1.4.7 | 1.4.8 | 1.4.9 | 1.4.10 | 1.4.11 | 1.4.12 | 1.4.13 | 1.4.14 | 1.4.15 | 1.4.16

• redhat•enterprise_linux_desktop

  7.0 | 6.0

• redhat•enterprise_linux_hpc_node

  7.0 | 6.0

• redhat•enterprise_linux_hpc_node_eus

  7.2

• redhat•enterprise_linux_server

  7.0 | 6.0

• redhat•enterprise_linux_server_aus

  7.2

• redhat•enterprise_linux_server_eus

  7.2 | 6.7.z

• redhat•enterprise_linux_workstation

  7.0 | 6.0

References (21)

• http://www.securityfocus.com/bid/77304
• http://www.openwall.com/lists/oss-security/2015/10/26/1
• http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html
• http://sourceforge.net/projects/libpng/files/libpng10/1.0.64/
• http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html
• https://security.gentoo.org/glsa/201611-08
• http://www.openwall.com/lists/oss-security/2015/10/26/3
• http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html
• http://sourceforge.net/projects/libpng/files/libpng12/1.2.54/
• https://access.redhat.com/errata/RHSA-2016:1430
• http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html
• http://www.debian.org/security/2015/dsa-3399
• http://rhn.redhat.com/errata/RHSA-2015-2595.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• http://sourceforge.net/projects/libpng/files/libpng14/1.4.17/
• http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
• http://www.securitytracker.com/id/1034393
• http://sourceforge.net/p/libpng/bugs/241/
• http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html
• http://www.ubuntu.com/usn/USN-2815-1
• http://rhn.redhat.com/errata/RHSA-2015-2594.html