CVE-2015-7981

Published: 11/24/2015 20:59:15

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

MEDIUM
CVSS v2: 5

Status

DocFilters Release	Package	State	Justification	Comment
25.1	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.4	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.4.0	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.3	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.2.1	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.2	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.1	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
23.3	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
23.2.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
23.2	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
23.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
22.4	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
22.3	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
22.2	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
22.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.11.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.11	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.8.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.8	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.5.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.5.0	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.2.0	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
11.4.20	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
11.4.19.3667	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
11.4.18.3599	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
11.4.17	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
11.4.16.3445	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.15.3368	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.14.3263	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.13.3179	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.12.3054	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.11.3040	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.11.2990	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.10.2934	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.9.2878	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.8.2822	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.

Severity score breakdown

References

NVD
MITRE