VulnerableCode Package Details - pkg:deb/debian/libpng@1.2.49-1%2Bdeb7u2

Search for packages

Vulnerability	Summary	Fixed by
VCID-9d14-kqac-nbbt Aliases: CVE-2015-8472	Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in the png_set_PLTE function in libpng allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.	1.2.50-2+deb8u3 Affected by 0 other vulnerabilities.
VCID-ajs9-y6dt-5fhj Aliases: CVE-2015-8540	Out-of-bounds Read Integer underflow in the png_check_keyword function in pngwutil.c in libpng allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.	1.2.50-2+deb8u3 Affected by 0 other vulnerabilities.
VCID-cu24-1rcd-93g3 Aliases: CVE-2015-8126	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.	1.2.50-2+deb8u3 Affected by 0 other vulnerabilities.
VCID-yga5-gj6n-byga Aliases: CVE-2015-7981	Exposure of Sensitive Information to an Unauthorized Actor The png_convert_to_rfc1123 function in png.c in libpng allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.	1.2.50-2+deb8u3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-9d14-kqac-nbbt
Aliases:
CVE-2015-8472

Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in the png_set_PLTE function in libpng allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.

1.2.50-2+deb8u3
Affected by 0 other vulnerabilities.

VCID-ajs9-y6dt-5fhj
Aliases:
CVE-2015-8540

Out-of-bounds Read Integer underflow in the png_check_keyword function in pngwutil.c in libpng allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

1.2.50-2+deb8u3
Affected by 0 other vulnerabilities.

VCID-cu24-1rcd-93g3
Aliases:
CVE-2015-8126

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

1.2.50-2+deb8u3
Affected by 0 other vulnerabilities.

VCID-yga5-gj6n-byga
Aliases:
CVE-2015-7981

Exposure of Sensitive Information to an Unauthorized Actor The png_convert_to_rfc1123 function in png.c in libpng allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

1.2.50-2+deb8u3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-9d14-kqac-nbbt	Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in the png_set_PLTE function in libpng allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.	CVE-2015-8472
VCID-ajs9-y6dt-5fhj	Out-of-bounds Read Integer underflow in the png_check_keyword function in pngwutil.c in libpng allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.	CVE-2015-8540
VCID-cu24-1rcd-93g3	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.	CVE-2015-8126
VCID-yga5-gj6n-byga	Exposure of Sensitive Information to an Unauthorized Actor The png_convert_to_rfc1123 function in png.c in libpng allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.	CVE-2015-7981

Vulnerability

Summary

Aliases

VCID-9d14-kqac-nbbt

CVE-2015-8472

VCID-ajs9-y6dt-5fhj

CVE-2015-8540

VCID-cu24-1rcd-93g3

CVE-2015-8126

VCID-yga5-gj6n-byga

CVE-2015-7981

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T13:54:30.995782+00:00	Debian Oval Importer	Affected by	VCID-ajs9-y6dt-5fhj	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.4.0
2026-04-15T13:50:16.519532+00:00	Debian Oval Importer	Affected by	VCID-cu24-1rcd-93g3	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.4.0
2026-04-15T13:43:05.466007+00:00	Debian Oval Importer	Affected by	VCID-yga5-gj6n-byga	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.4.0
2026-04-15T13:23:33.595587+00:00	Debian Oval Importer	Affected by	VCID-9d14-kqac-nbbt	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.4.0
2026-04-15T13:10:27.304956+00:00	Debian Oval Importer	Fixing	VCID-ajs9-y6dt-5fhj	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T12:57:46.627754+00:00	Debian Oval Importer	Fixing	VCID-9d14-kqac-nbbt	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T12:56:31.716961+00:00	Debian Oval Importer	Fixing	VCID-cu24-1rcd-93g3	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-15T12:51:19.821143+00:00	Debian Oval Importer	Fixing	VCID-yga5-gj6n-byga	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-11T13:43:12.150692+00:00	Debian Oval Importer	Affected by	VCID-ajs9-y6dt-5fhj	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.3.0
2026-04-11T13:38:57.774680+00:00	Debian Oval Importer	Affected by	VCID-cu24-1rcd-93g3	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.3.0
2026-04-11T13:31:47.283263+00:00	Debian Oval Importer	Affected by	VCID-yga5-gj6n-byga	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.3.0
2026-04-11T13:12:18.139077+00:00	Debian Oval Importer	Affected by	VCID-9d14-kqac-nbbt	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.3.0
2026-04-11T12:59:11.266113+00:00	Debian Oval Importer	Fixing	VCID-ajs9-y6dt-5fhj	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:46:22.019720+00:00	Debian Oval Importer	Fixing	VCID-9d14-kqac-nbbt	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:45:06.169792+00:00	Debian Oval Importer	Fixing	VCID-cu24-1rcd-93g3	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-11T12:39:49.773052+00:00	Debian Oval Importer	Fixing	VCID-yga5-gj6n-byga	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-08T13:11:33.767535+00:00	Debian Oval Importer	Affected by	VCID-9d14-kqac-nbbt	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.1.0
2026-04-07T22:18:43.833088+00:00	Debian Oval Importer	Affected by	VCID-ajs9-y6dt-5fhj	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.1.0
2026-04-07T22:14:32.562068+00:00	Debian Oval Importer	Affected by	VCID-cu24-1rcd-93g3	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.1.0
2026-04-07T22:07:28.878824+00:00	Debian Oval Importer	Affected by	VCID-yga5-gj6n-byga	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.1.0
2026-04-07T21:34:04.857431+00:00	Debian Oval Importer	Fixing	VCID-ajs9-y6dt-5fhj	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-03T22:02:38.638243+00:00	Debian Oval Importer	Fixing	VCID-9d14-kqac-nbbt	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-03T21:55:18.689980+00:00	Debian Oval Importer	Fixing	VCID-cu24-1rcd-93g3	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-03T21:49:41.492041+00:00	Debian Oval Importer	Fixing	VCID-yga5-gj6n-byga	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0
2026-04-02T13:04:16.795481+00:00	Debian Oval Importer	Fixing	VCID-9d14-kqac-nbbt	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.0.0
2026-04-02T13:01:25.213940+00:00	Debian Oval Importer	Fixing	VCID-cu24-1rcd-93g3	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.0.0
2026-04-02T12:55:47.416685+00:00	Debian Oval Importer	Fixing	VCID-yga5-gj6n-byga	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.0.0