CVE-2015-8540
Description
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
13.549
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.7 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.8 | Windows |
| PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.51-0ubuntu3_i386.deb | Linux |
| PNG (Portable Network Graphics) file library (USN-2815-1) libpng12-0_1.2.51-0ubuntu3_amd64.deb | Linux |
| PNG (Portable Network Graphics) file library (USN-2861-1) libpng12-0_1.2.46-3ubuntu4.2_i386.deb | Linux |
| PNG (Portable Network Graphics) file library (USN-2861-1) libpng12-0_1.2.46-3ubuntu4.2_amd64.deb | Linux |
| PNG (Portable Network Graphics) file library (USN-2861-1) libpng12-0_1.2.51-0ubuntu3.15.04.2_i386.deb | Linux |
| PNG (Portable Network Graphics) file library (USN-2861-1) libpng12-0_1.2.51-0ubuntu3.15.04.2_amd64.deb | Linux |
| SUSE-SU-2017:0860-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpng12-0-1.2.50-19.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0860-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpng12-0-32bit-1.2.50-19.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0860-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpng12-0-debuginfo-1.2.50-19.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0860-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpng12-0-debuginfo-32bit-1.2.50-19.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0860-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpng12-debugsource-1.2.50-19.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0901-1(SUSE Linux Enterprise Server 11-SP4 ) libpng12-0-1.2.31-5.43.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0901-1(SUSE Linux Enterprise Server 11-SP4 ) libpng12-0-32bit-1.2.31-5.43.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0950-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpng15-15-1.5.22-9.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0950-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpng15-15-debuginfo-1.5.22-9.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0950-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpng15-debugsource-1.5.22-9.1.x86_64.rpm | Linux |
| libpng Security Update (ALAS-2023-1904) libpng-1.5.13-8.amzn2.0.1.i686.rpm | Linux |
| libpng Security Update (ALAS-2023-1904) libpng-1.5.13-8.amzn2.0.1.x86_64.rpm | Linux |
| libpng Security Update (ALAS-2023-1904) libpng-devel-1.5.13-8.amzn2.0.1.x86_64.rpm | Linux |
| libpng Security Update (ALAS-2023-1904) libpng-static-1.5.13-8.amzn2.0.1.x86_64.rpm | Linux |
| libpng Security Update (ALAS2-2023-1904) libpng-1.5.13-8.amzn2.0.1.x86_64.rpm | Linux |
| libpng Security Update (ALAS2-2023-1904) libpng-1.5.13-8.amzn2.0.1.i686.rpm | Linux |
| libpng Security Update (ALAS2-2023-1904) libpng-devel-1.5.13-8.amzn2.0.1.x86_64.rpm | Linux |
| libpng Security Update (ALAS2-2023-1904) libpng-static-1.5.13-8.amzn2.0.1.x86_64.rpm | Linux |
| CVE-2015-8540 | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234