VulnerableCode Package Details - pkg:rpm/redhat/libpng@2:1.2.49-2?arch=el6

Search for packages

Vulnerability	Summary	Fixed by
VCID-9d14-kqac-nbbt Aliases: CVE-2015-8472	Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in the png_set_PLTE function in libpng allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.	There are no reported fixed by versions.
VCID-cu24-1rcd-93g3 Aliases: CVE-2015-8126	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.	There are no reported fixed by versions.
VCID-yga5-gj6n-byga Aliases: CVE-2015-7981	Exposure of Sensitive Information to an Unauthorized Actor The png_convert_to_rfc1123 function in png.c in libpng allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-9d14-kqac-nbbt
Aliases:
CVE-2015-8472

Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in the png_set_PLTE function in libpng allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.

There are no reported fixed by versions.

VCID-cu24-1rcd-93g3
Aliases:
CVE-2015-8126

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

There are no reported fixed by versions.

VCID-yga5-gj6n-byga
Aliases:
CVE-2015-7981

Exposure of Sensitive Information to an Unauthorized Actor The png_convert_to_rfc1123 function in png.c in libpng allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:39:28.069721+00:00	RedHat Importer	Affected by	VCID-yga5-gj6n-byga	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7981.json	38.0.0
2026-04-01T14:38:50.527384+00:00	RedHat Importer	Affected by	VCID-9d14-kqac-nbbt	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8472.json	38.0.0
2026-04-01T14:38:49.950950+00:00	RedHat Importer	Affected by	VCID-cu24-1rcd-93g3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8126.json	38.0.0