CVE-2015-7981

Description

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

Risk Information

Base Score: 9.1 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score (Exploitation Probability): 2.008

Associated Vulnerability

Vulnerability | OS Platform
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.0 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.5 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.6 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.7 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.8 | Windows
PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.46-3ubuntu4.1_i386.deb | Linux
PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.46-3ubuntu4.1_amd64.deb | Linux
PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.50-1ubuntu2.14.04.1_i386.deb | Linux
PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.50-1ubuntu2.14.04.1_amd64.deb | Linux
PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.51-0ubuntu3.15.04.1_i386.deb | Linux
PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.51-0ubuntu3.15.04.1_amd64.deb | Linux
PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.51-0ubuntu3_i386.deb | Linux
PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.51-0ubuntu3_amd64.deb | Linux
Libpng security update (CESA-2015:2594) libpng-1.2.49-2.el6_7.i686.rpm | Linux
Libpng security update (CESA-2015:2594) libpng-1.2.49-2.el6_7.x86_64.rpm | Linux
Libpng security update (CESA-2015:2594) libpng-devel-1.2.49-2.el6_7.i686.rpm | Linux
Libpng security update (CESA-2015:2594) libpng-devel-1.2.49-2.el6_7.x86_64.rpm | Linux
Libpng security update (CESA-2015:2594) libpng-static-1.2.49-2.el6_7.i686.rpm | Linux
Libpng security update (CESA-2015:2594) libpng-static-1.2.49-2.el6_7.x86_64.rpm | Linux
(RHSA-2015:2594) Moderate: libpng security update libpng-1.2.49-2.el6_7.i686.rpm | Linux
(RHSA-2015:2594) Moderate: libpng security update libpng-1.2.49-2.el6_7.x86_64.rpm | Linux
(RHSA-2015:2594) Moderate: libpng security update libpng-devel-1.2.49-2.el6_7.i686.rpm | Linux
(RHSA-2015:2594) Moderate: libpng security update libpng-devel-1.2.49-2.el6_7.x86_64.rpm | Linux
(RHSA-2015:2594) Moderate: libpng security update libpng-static-1.2.49-2.el6_7.i686.rpm | Linux
(RHSA-2015:2594) Moderate: libpng security update libpng-static-1.2.49-2.el6_7.x86_64.rpm | Linux
SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) MozillaFirefox-38.7.0esr-37.3.x86_64.rpm | Linux
SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) MozillaFirefox-translations-38.7.0esr-37.3.x86_64.rpm | Linux
SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) libfreebl3-3.20.2-28.1.x86_64.rpm | Linux
SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) libfreebl3-32bit-3.20.2-28.1.x86_64.rpm | Linux
SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) libsoftokn3-3.20.2-28.1.x86_64.rpm | Linux
SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) libsoftokn3-32bit-3.20.2-28.1.x86_64.rpm | Linux
SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) mozilla-nspr-4.12-24.1.x86_64.rpm | Linux
SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) mozilla-nspr-32bit-4.12-24.1.x86_64.rpm | Linux
SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) mozilla-nss-3.20.2-28.1.x86_64.rpm | Linux
SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) mozilla-nss-32bit-3.20.2-28.1.x86_64.rpm | Linux
SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) mozilla-nss-tools-3.20.2-28.1.x86_64.rpm | Linux
Libpng update (ELSA-2015-2594) libpng-1.2.49-2.el6_7.x86_64.rpm | Linux
Libpng-devel update (ELSA-2015-2594) libpng-devel-1.2.49-2.el6_7.x86_64.rpm | Linux
Libpng-static update (ELSA-2015-2594) libpng-static-1.2.49-2.el6_7.x86_64.rpm | Linux
Libpng update (ELSA-2015-2594) libpng-1.2.49-2.el6_7.i686.rpm | Linux
Libpng-devel update (ELSA-2015-2594) libpng-devel-1.2.49-2.el6_7.i686.rpm | Linux
Libpng-static update (ELSA-2015-2594) libpng-static-1.2.49-2.el6_7.i686.rpm | Linux
Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-7981) | NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234