Vulnerabilities affecting this package (0)
| Vulnerability |
Summary |
Fixed by |
|
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (4)
| Vulnerability |
Summary |
Aliases |
|
VCID-9d14-kqac-nbbt
|
Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in the png_set_PLTE function in libpng allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
|
CVE-2015-8472
|
|
VCID-ajs9-y6dt-5fhj
|
Out-of-bounds Read
Integer underflow in the png_check_keyword function in pngwutil.c in libpng allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
|
CVE-2015-8540
|
|
VCID-cu24-1rcd-93g3
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
|
CVE-2015-8126
|
|
VCID-yga5-gj6n-byga
|
Exposure of Sensitive Information to an Unauthorized Actor
The png_convert_to_rfc1123 function in png.c in libpng allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
|
CVE-2015-7981
|