CVE-2015-8472
Description
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
Risk Information
Base Score
7.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
Exploitation Probability
5.471
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.7 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.8 | Windows |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.4 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.4 Combo Update | Mac |
| PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.51-0ubuntu3_i386.deb | Linux |
| PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.51-0ubuntu3_amd64.deb | Linux |
| PNG (Portable Network Graphics) file library (USN-2861-1) libpng12-0_1.2.46-3ubuntu4.2_i386.deb | Linux |
| PNG (Portable Network Graphics) file library (USN-2861-1) libpng12-0_1.2.46-3ubuntu4.2_amd64.deb | Linux |
| PNG (Portable Network Graphics) file library (USN-2861-1) libpng12-0_1.2.50-1ubuntu2.14.04.3_amd64.deb | Linux |
| PNG (Portable Network Graphics) file library (USN-2861-1) libpng12-0_1.2.50-1ubuntu2.14.04.3_i386.deb | Linux |
| PNG (Portable Network Graphics) file library (USN-2861-1) libpng12-0_1.2.51-0ubuntu3.15.04.2_i386.deb | Linux |
| PNG (Portable Network Graphics) file library (USN-2861-1) libpng12-0_1.2.51-0ubuntu3.15.04.2_amd64.deb | Linux |
| PNG (Portable Network Graphics) file library (USN-2861-1) libpng12-0_1.2.51-0ubuntu3.15.10.2_amd64.deb | Linux |
| Libpng security update (CESA-2015:2594) libpng-1.2.49-2.el6_7.i686.rpm | Linux |
| Libpng security update (CESA-2015:2594) libpng-1.2.49-2.el6_7.x86_64.rpm | Linux |
| Libpng security update (CESA-2015:2594) libpng-devel-1.2.49-2.el6_7.i686.rpm | Linux |
| Libpng security update (CESA-2015:2594) libpng-devel-1.2.49-2.el6_7.x86_64.rpm | Linux |
| Libpng security update (CESA-2015:2594) libpng-static-1.2.49-2.el6_7.i686.rpm | Linux |
| Libpng security update (CESA-2015:2594) libpng-static-1.2.49-2.el6_7.x86_64.rpm | Linux |
| (RHSA-2015:2594) Moderate: libpng security update libpng-1.2.49-2.el6_7.i686.rpm | Linux |
| (RHSA-2015:2594) Moderate: libpng security update libpng-1.2.49-2.el6_7.x86_64.rpm | Linux |
| (RHSA-2015:2594) Moderate: libpng security update libpng-devel-1.2.49-2.el6_7.i686.rpm | Linux |
| (RHSA-2015:2594) Moderate: libpng security update libpng-devel-1.2.49-2.el6_7.x86_64.rpm | Linux |
| (RHSA-2015:2594) Moderate: libpng security update libpng-static-1.2.49-2.el6_7.i686.rpm | Linux |
| (RHSA-2015:2594) Moderate: libpng security update libpng-static-1.2.49-2.el6_7.x86_64.rpm | Linux |
| (RHSA-2015:2595) Moderate: libpng12 security update libpng12-1.2.50-7.el7_2.i686.rpm | Linux |
| (RHSA-2015:2595) Moderate: libpng12 security update libpng12-1.2.50-7.el7_2.x86_64.rpm | Linux |
| (RHSA-2015:2595) Moderate: libpng12 security update libpng12-devel-1.2.50-7.el7_2.i686.rpm | Linux |
| (RHSA-2015:2595) Moderate: libpng12 security update libpng12-devel-1.2.50-7.el7_2.x86_64.rpm | Linux |
| (RHSA-2015:2596) Moderate: libpng security update libpng-1.5.13-7.el7_2.i686.rpm | Linux |
| (RHSA-2015:2596) Moderate: libpng security update libpng-1.5.13-7.el7_2.x86_64.rpm | Linux |
| (RHSA-2015:2596) Moderate: libpng security update libpng-devel-1.5.13-7.el7_2.i686.rpm | Linux |
| (RHSA-2015:2596) Moderate: libpng security update libpng-devel-1.5.13-7.el7_2.x86_64.rpm | Linux |
| (RHSA-2015:2596) Moderate: libpng security update libpng-static-1.5.13-7.el7_2.i686.rpm | Linux |
| (RHSA-2015:2596) Moderate: libpng security update libpng-static-1.5.13-7.el7_2.x86_64.rpm | Linux |
| SUSE-SU-2016:0269-1 (SUSE Linux Enterprise Desktop 11-SP3) java-1_7_0-openjdk-1.7.0.95-0.17.2.x86_64.rpm | Linux |
| SUSE-SU-2016:0269-1 (SUSE Linux Enterprise Desktop 11-SP3) java-1_7_0-openjdk-demo-1.7.0.95-0.17.2.x86_64.rpm | Linux |
| SUSE-SU-2016:0269-1 (SUSE Linux Enterprise Desktop 11-SP3) java-1_7_0-openjdk-devel-1.7.0.95-0.17.2.x86_64.rpm | Linux |
| (RHSA-2015:2595) Moderate: security update libpng12-debuginfo-1.2.50-7.el7_2.i686.rpm | Linux |
| (RHSA-2015:2595) Moderate: security update libpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm | Linux |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-8472) | NCM |
Patch Details
| Patch ID | Patch Description |
|---|---|
| PATCH-600753 | OS X El Capitan 10.11.6 Update |
| PATCH-600754 | OS X El Capitan 10.11.6 Combo Update |