VulnerableCode Package Details - pkg:deb/debian/libpng@1.2.15~beta5-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-9d14-kqac-nbbt Aliases: CVE-2015-8472	Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in the png_set_PLTE function in libpng allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.	1.2.49-1+deb7u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.2.50-2+deb8u3 Affected by 0 other vulnerabilities.
VCID-ajs9-y6dt-5fhj Aliases: CVE-2015-8540	Out-of-bounds Read Integer underflow in the png_check_keyword function in pngwutil.c in libpng allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.	1.2.49-1+deb7u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.2.50-2+deb8u3 Affected by 0 other vulnerabilities.
VCID-cu24-1rcd-93g3 Aliases: CVE-2015-8126	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.	1.2.49-1+deb7u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.2.50-2+deb8u3 Affected by 0 other vulnerabilities.
VCID-yga5-gj6n-byga Aliases: CVE-2015-7981	Exposure of Sensitive Information to an Unauthorized Actor The png_convert_to_rfc1123 function in png.c in libpng allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.	1.2.49-1+deb7u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.2.50-2+deb8u3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-9d14-kqac-nbbt
Aliases:
CVE-2015-8472

Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in the png_set_PLTE function in libpng allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.

1.2.49-1+deb7u2
Affected by 4 other vulnerabilities.

1.2.50-2+deb8u3
Affected by 0 other vulnerabilities.

VCID-ajs9-y6dt-5fhj
Aliases:
CVE-2015-8540

Out-of-bounds Read Integer underflow in the png_check_keyword function in pngwutil.c in libpng allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

1.2.49-1+deb7u2
Affected by 4 other vulnerabilities.

1.2.50-2+deb8u3
Affected by 0 other vulnerabilities.

VCID-cu24-1rcd-93g3
Aliases:
CVE-2015-8126

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

1.2.49-1+deb7u2
Affected by 4 other vulnerabilities.

1.2.50-2+deb8u3
Affected by 0 other vulnerabilities.

VCID-yga5-gj6n-byga
Aliases:
CVE-2015-7981

Exposure of Sensitive Information to an Unauthorized Actor The png_convert_to_rfc1123 function in png.c in libpng allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

1.2.49-1+deb7u2
Affected by 4 other vulnerabilities.

1.2.50-2+deb8u3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T13:54:30.978268+00:00	Debian Oval Importer	Affected by	VCID-ajs9-y6dt-5fhj	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.4.0
2026-04-15T13:50:16.502022+00:00	Debian Oval Importer	Affected by	VCID-cu24-1rcd-93g3	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.4.0
2026-04-15T13:43:05.448761+00:00	Debian Oval Importer	Affected by	VCID-yga5-gj6n-byga	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.4.0
2026-04-15T13:23:33.578128+00:00	Debian Oval Importer	Affected by	VCID-9d14-kqac-nbbt	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.4.0
2026-04-15T13:10:27.288288+00:00	Debian Oval Importer	Affected by	VCID-ajs9-y6dt-5fhj	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T12:57:46.612065+00:00	Debian Oval Importer	Affected by	VCID-9d14-kqac-nbbt	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T12:56:31.700838+00:00	Debian Oval Importer	Affected by	VCID-cu24-1rcd-93g3	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T12:51:19.805201+00:00	Debian Oval Importer	Affected by	VCID-yga5-gj6n-byga	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-11T13:43:12.130983+00:00	Debian Oval Importer	Affected by	VCID-ajs9-y6dt-5fhj	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.3.0
2026-04-11T13:38:57.752452+00:00	Debian Oval Importer	Affected by	VCID-cu24-1rcd-93g3	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.3.0
2026-04-11T13:31:47.264575+00:00	Debian Oval Importer	Affected by	VCID-yga5-gj6n-byga	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.3.0
2026-04-11T13:12:18.119622+00:00	Debian Oval Importer	Affected by	VCID-9d14-kqac-nbbt	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.3.0
2026-04-11T12:59:11.245975+00:00	Debian Oval Importer	Affected by	VCID-ajs9-y6dt-5fhj	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:46:22.002858+00:00	Debian Oval Importer	Affected by	VCID-9d14-kqac-nbbt	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:45:06.153797+00:00	Debian Oval Importer	Affected by	VCID-cu24-1rcd-93g3	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:39:49.756400+00:00	Debian Oval Importer	Affected by	VCID-yga5-gj6n-byga	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-08T13:11:33.747221+00:00	Debian Oval Importer	Affected by	VCID-9d14-kqac-nbbt	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.1.0
2026-04-07T22:18:43.812370+00:00	Debian Oval Importer	Affected by	VCID-ajs9-y6dt-5fhj	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.1.0
2026-04-07T22:14:32.540417+00:00	Debian Oval Importer	Affected by	VCID-cu24-1rcd-93g3	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.1.0
2026-04-07T22:07:28.860627+00:00	Debian Oval Importer	Affected by	VCID-yga5-gj6n-byga	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.1.0
2026-04-07T21:34:04.835270+00:00	Debian Oval Importer	Affected by	VCID-ajs9-y6dt-5fhj	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-03T22:02:38.631919+00:00	Debian Oval Importer	Affected by	VCID-9d14-kqac-nbbt	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-03T21:55:18.670602+00:00	Debian Oval Importer	Affected by	VCID-cu24-1rcd-93g3	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-03T21:49:41.472434+00:00	Debian Oval Importer	Affected by	VCID-yga5-gj6n-byga	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-02T13:04:16.771111+00:00	Debian Oval Importer	Affected by	VCID-9d14-kqac-nbbt	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.0.0
2026-04-02T13:01:25.192889+00:00	Debian Oval Importer	Affected by	VCID-cu24-1rcd-93g3	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.0.0
2026-04-02T12:55:47.392423+00:00	Debian Oval Importer	Affected by	VCID-yga5-gj6n-byga	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.0.0