VulnerableCode Package Details - pkg:deb/debian/libpng@1.2.50-2%2Bdeb8u3

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2vwq-s4y4-aaae	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.	CVE-2015-8126
VCID-52ek-nmkc-aaaf	Out-of-bounds Read Integer underflow in the png_check_keyword function in pngwutil.c in libpng allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.	CVE-2015-8540
VCID-canc-ytmr-aaae	Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in the png_set_PLTE function in libpng allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.	CVE-2015-8472
VCID-t8mn-b96e-aaaj	Exposure of Sensitive Information to an Unauthorized Actor The png_convert_to_rfc1123 function in png.c in libpng allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.	CVE-2015-7981

Vulnerability

Summary

Aliases

VCID-2vwq-s4y4-aaae

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

CVE-2015-8126

VCID-52ek-nmkc-aaaf

Out-of-bounds Read Integer underflow in the png_check_keyword function in pngwutil.c in libpng allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

CVE-2015-8540

VCID-canc-ytmr-aaae

Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in the png_set_PLTE function in libpng allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.

CVE-2015-8472

VCID-t8mn-b96e-aaaj

Exposure of Sensitive Information to an Unauthorized Actor The png_convert_to_rfc1123 function in png.c in libpng allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

CVE-2015-7981

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T10:03:18.988994+00:00	Debian Oval Importer	Fixing	VCID-52ek-nmkc-aaaf	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T09:59:01.354573+00:00	Debian Oval Importer	Fixing	VCID-2vwq-s4y4-aaae	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T09:51:45.484088+00:00	Debian Oval Importer	Fixing	VCID-t8mn-b96e-aaaj	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T09:31:49.276964+00:00	Debian Oval Importer	Fixing	VCID-canc-ytmr-aaae	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-20T19:50:51.574762+00:00	Debian Oval Importer	Fixing	VCID-canc-ytmr-aaae	None	36.1.3
2025-06-20T19:43:35.552961+00:00	Debian Oval Importer	Fixing	VCID-t8mn-b96e-aaaj	None	36.1.3
2025-06-08T03:52:27.395621+00:00	Debian Oval Importer	Fixing	VCID-52ek-nmkc-aaaf	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:48:05.346574+00:00	Debian Oval Importer	Fixing	VCID-2vwq-s4y4-aaae	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:40:26.190321+00:00	Debian Oval Importer	Fixing	VCID-t8mn-b96e-aaaj	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:20:15.643754+00:00	Debian Oval Importer	Fixing	VCID-canc-ytmr-aaae	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-07T13:42:15.954032+00:00	Debian Oval Importer	Fixing	VCID-canc-ytmr-aaae	None	36.1.0
2025-06-07T13:36:19.955292+00:00	Debian Oval Importer	Fixing	VCID-t8mn-b96e-aaaj	None	36.1.0
2025-04-08T02:20:19.643807+00:00	Debian Oval Importer	Fixing	VCID-52ek-nmkc-aaaf	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T02:15:52.803364+00:00	Debian Oval Importer	Fixing	VCID-2vwq-s4y4-aaae	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T02:08:16.044671+00:00	Debian Oval Importer	Fixing	VCID-t8mn-b96e-aaaj	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T01:47:40.258118+00:00	Debian Oval Importer	Fixing	VCID-canc-ytmr-aaae	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-07T12:17:34.780531+00:00	Debian Oval Importer	Fixing	VCID-canc-ytmr-aaae	None	36.0.0
2025-04-07T12:11:45.303029+00:00	Debian Oval Importer	Fixing	VCID-t8mn-b96e-aaaj	None	36.0.0