CVE-2015-8126

Description

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

Risk Information

Base Score: 9.8 MODERATE
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 7.516

Associated Vulnerability

Vulnerability | OS Platform
Update for Google Chrome (45.0.2454.93) | Windows
Update for Google Chrome x64 (45.0.2454.93) | Windows
Update for Google Chrome (45.0.2454.99) | Windows
Update for Google Chrome x64 (45.0.2454.99) | Windows
Update for Google Chrome (48.0.2564.97) | Windows
Update for Google Chrome x64 (48.0.2564.97) | Windows
Update for Google Chrome (49.0.2623.75) | Windows
Update for Google Chrome x64 (49.0.2623.75) | Windows
Multiple Vulnerabilities are affected in Java SE Development Kit 1.8.0 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 7 7.13 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 7 (x64) 7.13 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) 8.13 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) (x64) 8.13 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.0 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.5 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.6 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.7 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.8 | Windows
Multiple vulnerabilities are fixed in Update for Google Chrome For Mac (49.0.2623.75) | Mac
Multiple vulnerabilities are fixed in OS X El Capitan 10.11.4 Update | Mac
Multiple vulnerabilities are fixed in OS X El Capitan 10.11.4 Combo Update | Mac
PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.46-3ubuntu4.1_i386.deb | Linux
PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.46-3ubuntu4.1_amd64.deb | Linux
PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.50-1ubuntu2.14.04.1_i386.deb | Linux
PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.50-1ubuntu2.14.04.1_amd64.deb | Linux
PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.51-0ubuntu3.15.04.1_i386.deb | Linux
PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.51-0ubuntu3.15.04.1_amd64.deb | Linux
PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.51-0ubuntu3_i386.deb | Linux
PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.51-0ubuntu3_amd64.deb | Linux
Libpng security update (CESA-2015:2594) libpng-1.2.49-2.el6_7.i686.rpm | Linux
Libpng security update (CESA-2015:2594) libpng-1.2.49-2.el6_7.x86_64.rpm | Linux
Libpng security update (CESA-2015:2594) libpng-devel-1.2.49-2.el6_7.i686.rpm | Linux
Libpng security update (CESA-2015:2594) libpng-devel-1.2.49-2.el6_7.x86_64.rpm | Linux
Libpng security update (CESA-2015:2594) libpng-static-1.2.49-2.el6_7.i686.rpm | Linux
Libpng security update (CESA-2015:2594) libpng-static-1.2.49-2.el6_7.x86_64.rpm | Linux
(RHSA-2015:2594) Moderate: libpng security update libpng-1.2.49-2.el6_7.i686.rpm | Linux
(RHSA-2015:2594) Moderate: libpng security update libpng-1.2.49-2.el6_7.x86_64.rpm | Linux
(RHSA-2015:2594) Moderate: libpng security update libpng-devel-1.2.49-2.el6_7.i686.rpm | Linux
(RHSA-2015:2594) Moderate: libpng security update libpng-devel-1.2.49-2.el6_7.x86_64.rpm | Linux
(RHSA-2015:2594) Moderate: libpng security update libpng-static-1.2.49-2.el6_7.i686.rpm | Linux
(RHSA-2015:2594) Moderate: libpng security update libpng-static-1.2.49-2.el6_7.x86_64.rpm | Linux
(RHSA-2015:2596) Moderate: libpng security update libpng-1.5.13-7.el7_2.i686.rpm | Linux
(RHSA-2015:2596) Moderate: libpng security update libpng-1.5.13-7.el7_2.x86_64.rpm | Linux
(RHSA-2015:2596) Moderate: libpng security update libpng-devel-1.5.13-7.el7_2.i686.rpm | Linux
(RHSA-2015:2596) Moderate: libpng security update libpng-devel-1.5.13-7.el7_2.x86_64.rpm | Linux
(RHSA-2015:2596) Moderate: libpng security update libpng-static-1.5.13-7.el7_2.i686.rpm | Linux
(RHSA-2015:2596) Moderate: libpng security update libpng-static-1.5.13-7.el7_2.x86_64.rpm | Linux
SUSE-SU-2016:0027-1(SUSE Linux Enterprise Desktop 12 ) libpng16-16-1.6.8-11.1.x86_64.rpm | Linux
SUSE-SU-2016:0027-1(SUSE Linux Enterprise Desktop 12 ) libpng16-16-32bit-1.6.8-11.1.x86_64.rpm | Linux
SUSE-SU-2016:0027-1(SUSE Linux Enterprise Desktop 12 ) libpng16-16-debuginfo-1.6.8-11.1.x86_64.rpm | Linux
SUSE-SU-2016:0027-1(SUSE Linux Enterprise Desktop 12 ) libpng16-16-debuginfo-32bit-1.6.8-11.1.x86_64.rpm | Linux
SUSE-SU-2016:0027-1(SUSE Linux Enterprise Desktop 12 ) libpng16-debugsource-1.6.8-11.1.x86_64.rpm | Linux
SUSE-SU-2016:0050-1(SUSE Linux Enterprise Desktop 12 ) libpng12-0-1.2.50-13.1.x86_64.rpm | Linux
SUSE-SU-2016:0050-1(SUSE Linux Enterprise Desktop 12 ) libpng12-0-32bit-1.2.50-13.1.x86_64.rpm | Linux
SUSE-SU-2016:0050-1(SUSE Linux Enterprise Desktop 12 ) libpng12-0-debuginfo-1.2.50-13.1.x86_64.rpm | Linux
SUSE-SU-2016:0050-1(SUSE Linux Enterprise Desktop 12 ) libpng12-0-debuginfo-32bit-1.2.50-13.1.x86_64.rpm | Linux
SUSE-SU-2016:0050-1(SUSE Linux Enterprise Desktop 12 ) libpng12-debugsource-1.2.50-13.1.x86_64.rpm | Linux
SUSE-SU-2016:0061-1(SUSE Linux Enterprise Desktop 11-SP3 ) libpng12-0-1.2.31-5.38.1.x86_64.rpm | Linux
SUSE-SU-2016:0061-1(SUSE Linux Enterprise Desktop 11-SP3 ) libpng12-0-32bit-1.2.31-5.38.1.x86_64.rpm | Linux
SUSE-SU-2016:0269-1(SUSE Linux Enterprise Desktop 11-SP3 ) java-1_7_0-openjdk-1.7.0.95-0.17.2.x86_64.rpm | Linux
SUSE-SU-2016:0269-1(SUSE Linux Enterprise Desktop 11-SP3 ) java-1_7_0-openjdk-demo-1.7.0.95-0.17.2.x86_64.rpm | Linux
SUSE-SU-2016:0269-1(SUSE Linux Enterprise Desktop 11-SP3 ) java-1_7_0-openjdk-devel-1.7.0.95-0.17.2.x86_64.rpm | Linux
SUSE-SU-2016:0776-1(SUSE Linux Enterprise Desktop 11-SP4 ) MozillaFirefox-38.7.0esr-37.3.x86_64.rpm | Linux
SUSE-SU-2016:0776-1(SUSE Linux Enterprise Desktop 11-SP4 ) MozillaFirefox-translations-38.7.0esr-37.3.x86_64.rpm | Linux
SUSE-SU-2016:0776-1(SUSE Linux Enterprise Desktop 11-SP4 ) libfreebl3-3.20.2-28.1.x86_64.rpm | Linux
SUSE-SU-2016:0776-1(SUSE Linux Enterprise Desktop 11-SP4 ) libfreebl3-32bit-3.20.2-28.1.x86_64.rpm | Linux
SUSE-SU-2016:0776-1(SUSE Linux Enterprise Desktop 11-SP4 ) libsoftokn3-3.20.2-28.1.x86_64.rpm | Linux
SUSE-SU-2016:0776-1(SUSE Linux Enterprise Desktop 11-SP4 ) libsoftokn3-32bit-3.20.2-28.1.x86_64.rpm | Linux
SUSE-SU-2016:0776-1(SUSE Linux Enterprise Desktop 11-SP4 ) mozilla-nspr-4.12-24.1.x86_64.rpm | Linux
SUSE-SU-2016:0776-1(SUSE Linux Enterprise Desktop 11-SP4 ) mozilla-nspr-32bit-4.12-24.1.x86_64.rpm | Linux
SUSE-SU-2016:0776-1(SUSE Linux Enterprise Desktop 11-SP4 ) mozilla-nss-3.20.2-28.1.x86_64.rpm | Linux
SUSE-SU-2016:0776-1(SUSE Linux Enterprise Desktop 11-SP4 ) mozilla-nss-32bit-3.20.2-28.1.x86_64.rpm | Linux
SUSE-SU-2016:0776-1(SUSE Linux Enterprise Desktop 11-SP4 ) mozilla-nss-tools-3.20.2-28.1.x86_64.rpm | Linux
Libpng update (ELSA-2015-2594) libpng-1.2.49-2.el6_7.x86_64.rpm | Linux
Libpng-devel update (ELSA-2015-2594) libpng-devel-1.2.49-2.el6_7.x86_64.rpm | Linux
Libpng-static update (ELSA-2015-2594) libpng-static-1.2.49-2.el6_7.x86_64.rpm | Linux
Libpng update (ELSA-2015-2594) libpng-1.2.49-2.el6_7.i686.rpm | Linux
Libpng-devel update (ELSA-2015-2594) libpng-devel-1.2.49-2.el6_7.i686.rpm | Linux
Libpng-static update (ELSA-2015-2594) libpng-static-1.2.49-2.el6_7.i686.rpm | Linux
Libpng update (ELSA-2015-2596) libpng-1.5.13-7.el7_2.x86_64.rpm | Linux
Libpng-devel update (ELSA-2015-2596) libpng-devel-1.5.13-7.el7_2.x86_64.rpm | Linux
Libpng-static update (ELSA-2015-2596) libpng-static-1.5.13-7.el7_2.x86_64.rpm | Linux
Libpng update (ELSA-2015-2596) libpng-1.5.13-7.el7_2.i686.rpm | Linux
Libpng-devel update (ELSA-2015-2596) libpng-devel-1.5.13-7.el7_2.i686.rpm | Linux
Libpng-static update (ELSA-2015-2596) libpng-static-1.5.13-7.el7_2.i686.rpm | Linux
Update for Google Chrome (45.0.2454.93) (For Ubuntu) | Linux
Update for Google Chrome (45.0.2454.99) (For Ubuntu) | Linux
Update for Google Chrome (48.0.2564.97) (For Ubuntu) | Linux
Update for Google Chrome (49.0.2623.75) (For Ubuntu) | Linux
Update for Google Chrome (45.0.2454.93) (For Debian) | Linux
Update for Google Chrome (45.0.2454.99) (For Debian) | Linux
Update for Google Chrome (48.0.2564.97) (For Debian) | Linux
Update for Google Chrome (49.0.2623.75) (For Debian) | Linux
Update for Google Chrome (45.0.2454.93) (For Centos) | Linux
Update for Google Chrome (45.0.2454.99) (For Centos) | Linux
Update for Google Chrome (48.0.2564.97) (For Centos) | Linux
Update for Google Chrome (49.0.2623.75) (For Centos) | Linux
Update for Google Chrome (45.0.2454.93) (For RedHat) | Linux
Update for Google Chrome (45.0.2454.99) (For RedHat) | Linux
Update for Google Chrome (48.0.2564.97) (For RedHat) | Linux
Update for Google Chrome (49.0.2623.75) (For RedHat) | Linux
Update for Google Chrome (45.0.2454.93) (For Suse) | Linux
Update for Google Chrome (45.0.2454.99) (For Suse) | Linux
Update for Google Chrome (48.0.2564.97) (For Suse) | Linux
Update for Google Chrome (49.0.2623.75) (For Suse) | Linux

Patch Details

Patches provided by ManageEngine for this CVE:
Patch ID | Patch Description
PATCH-302553 | Update for Google Chrome x64 (45.0.2454.93)
PATCH-302561 | Update for Google Chrome (45.0.2454.99)
PATCH-302562 | Update for Google Chrome x64 (45.0.2454.99)
PATCH-303145 | Update for Google Chrome (48.0.2564.97)
PATCH-303146 | Update for Google Chrome x64 (48.0.2564.97)
PATCH-303256 | Update for Google Chrome (49.0.2623.75)
PATCH-303257 | Update for Google Chrome x64 (49.0.2623.75)
PATCH-333702 | Java SE Development Kit 8 Update 391 (32-bit) (8.0.3910.13) (JDK) (Manual Upload Required)
PATCH-344728 | Azul Zulu JDK 8 (MSI) (8.84.0.15)
PATCH-344692 | Azul Zulu JDK 8 (MSI) (x64) (8.84.0.15)
PATCH-609673 | Google Chrome for Mac (132.0.6834.83, 132.0.6834.84)
PATCH-600753 | OS X El Capitan 10.11.6 Update
PATCH-600754 | OS X El Capitan 10.11.6 Combo Update
