CVE-2015-8472
Published: 01/21/2016 15:59:00
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
HIGH
CVSS v3: 7.3
CVSS v3: 7.3
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 25.1 | libpng (1.6.40) | Not Affected | Code Not Present | 1.6.40 does not match CVE configuration. |
| 24.4 | libpng (1.6.40) | Not Affected | Code Not Present | 1.6.40 does not match CVE configuration. |
| 24.4.0 | libpng (1.6.40) | Not Affected | Code Not Present | 1.6.40 does not match CVE configuration. |
| 24.3 | libpng (1.6.40) | Not Affected | Code Not Present | 1.6.40 does not match CVE configuration. |
| 24.2.1 | libpng (1.6.40) | Not Affected | Code Not Present | 1.6.40 does not match CVE configuration. |
| 24.2 | libpng (1.6.40) | Not Affected | Code Not Present | 1.6.40 does not match CVE configuration. |
| 24.1 | libpng (1.6.40) | Not Affected | Code Not Present | 1.6.40 does not match CVE configuration. |
| 23.3 | libpng (1.6.40) | Not Affected | Code Not Present | 1.6.40 does not match CVE configuration. |
| 23.2.1 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 23.2 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 23.1 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 22.4 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 22.3 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 22.2 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 22.1 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 21.11.1 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 21.11 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 21.8.1 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 21.8 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 21.5.1 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 21.5.0 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 21.2.0 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 11.4.20 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 11.4.19.3667 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 11.4.18.3599 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 11.4.17 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 11.4.16.3445 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.15.3368 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.14.3263 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.13.3179 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.12.3054 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.11.3040 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.11.2990 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.10.2934 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.9.2878 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.8.2822 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
NETWORK
Availability Impact
LOW
Base Score
7.3
Base Severity
HIGH
Confidentiality Impact
LOW
Integrity Impact
LOW
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version
3.0