Cent OS: CVE-2015-8472: CESA-2015:2594 (libpng)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | January 21, 2016 | December 01, 2016 | October 30, 2017 |
Description
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
Solution
centos-upgrade-libpngRelated Vulnerabilities
- Alpine Linux: CVE-2015-8472: libpng Incomplete fix for CVE-2015-8126
- ELSA-2015-2596 Moderate: Oracle Linux libpng security update
- F5 Networks: K81903701 (CVE-2015-8472): Libpng vulnerability CVE-2015-8472
- RHSA-2015:2596: libpng security update
- Debian: CVE-2015-8472: libpng -- security update
- RHSA-2015:2595: libpng12 security update
- Amazon Linux AMI: Security patch for libpng (ALAS-2015-615) (multiple CVEs)
- IBM AIX: java_jan2016_advisory (CVE-2015-8472): Vulnerability in IBM Java SDK affects AIX
- Ubuntu: USN-2861-1 (CVE-2015-8472): libpng vulnerabilities
- RHSA-2016:0101: java-1.6.0-ibm security update
- Oracle Solaris 11: CVE-2015-8472 (11.4 GA)
- ELSA-2015-2595 Moderate: Oracle Linux libpng12 security update
- FreeBSD: libpng buffer overflow in png_set_PLTE (Multiple CVEs)
- SUSE: CVE-2015-8472: SUSE Linux Security Advisory
- RHSA-2016:0099: java-1.7.1-ibm security update
- OS X update for apache_mod_php (CVE-2015-8472)
- OS X update for Python (CVE-2015-8472)
- IBM Java: Oracle January 19 2016 CPU (CVE-2015-8472)
- ELSA-2015-2594 Moderate: Oracle Linux libpng security update
- RHSA-2016:0100: java-1.7.0-ibm security update
- RHSA-2016:0098: java-1.8.0-ibm security update
- RHSA-2015:2594: libpng security update