CVE-2015-8540
First published: Mon Dec 14 2015(Updated: )
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/libpng | <1.6.0 | 1.6.0 |
| redhat/libpng | <1.5.26 | 1.5.26 |
| redhat/libpng | <1.4.19 | 1.4.19 |
| redhat/libpng | <1.2.56 | 1.2.56 |
| redhat/libpng | <1.0.66 | 1.0.66 |
| F5 Traffix Systems Signaling Delivery Controller | ||
| redhat enterprise linux desktop supplementary | =5.0 | |
| redhat enterprise linux desktop supplementary | =6.0 | |
| Red Hat Enterprise Linux HPC Node | =6.0 | |
| Red Hat Enterprise Linux Server Supplementary | =5.0 | |
| Red Hat Enterprise Linux Server Supplementary | =6.0 | |
| Red Hat Enterprise Linux Workstation Supplementary | =6.0 | |
| libpng | =1.2.0 | |
| libpng | =1.2.1 | |
| libpng | =1.2.2 | |
| libpng | =1.2.3 | |
| libpng | =1.2.4 | |
| libpng | =1.2.5 | |
| libpng | =1.2.6 | |
| libpng | =1.2.7 | |
| libpng | =1.2.8 | |
| libpng | =1.2.9 | |
| libpng | =1.2.10 | |
| libpng | =1.2.11 | |
| libpng | =1.2.12 | |
| libpng | =1.2.13 | |
| libpng | =1.2.14 | |
| libpng | =1.2.15 | |
| libpng | =1.2.16 | |
| libpng | =1.2.17 | |
| libpng | =1.2.18 | |
| libpng | =1.2.19 | |
| libpng | =1.2.20 | |
| libpng | =1.2.21 | |
| libpng | =1.2.22 | |
| libpng | =1.2.23 | |
| libpng | =1.2.24 | |
| libpng | =1.2.25 | |
| libpng | =1.2.26 | |
| libpng | =1.2.27 | |
| libpng | =1.2.28 | |
| libpng | =1.2.29 | |
| libpng | =1.2.30 | |
| libpng | =1.2.31 | |
| libpng | =1.2.32 | |
| libpng | =1.2.33 | |
| libpng | =1.2.34 | |
| libpng | =1.2.35 | |
| libpng | =1.2.36 | |
| libpng | =1.2.37 | |
| libpng | =1.2.38 | |
| libpng | =1.2.39 | |
| libpng | =1.2.40 | |
| libpng | =1.2.41 | |
| libpng | =1.2.42 | |
| libpng | =1.2.43 | |
| libpng | =1.2.43-devel | |
| libpng | =1.2.44 | |
| libpng | =1.2.45 | |
| libpng | =1.2.45-devel | |
| libpng | =1.2.46 | |
| libpng | =1.2.46-devel | |
| libpng | =1.2.47 | |
| libpng | =1.2.47-beta | |
| libpng | =1.2.48 | |
| libpng | =1.2.48-betas | |
| libpng | =1.2.49 | |
| libpng | =1.2.50 | |
| libpng | =1.2.51 | |
| libpng | =1.2.52 | |
| libpng | =1.2.53 | |
| libpng | =1.2.54 | |
| libpng | =1.2.55 | |
| libpng | =1.1.1 | |
| libpng | =1.0.0 | |
| libpng | =1.0.1 | |
| libpng | =1.0.2 | |
| libpng | =1.0.3 | |
| libpng | =1.0.5 | |
| libpng | =1.0.6 | |
| libpng | =1.0.7 | |
| libpng | =1.0.8 | |
| libpng | =1.0.9 | |
| libpng | =1.0.10 | |
| libpng | =1.0.11 | |
| libpng | =1.0.12 | |
| libpng | =1.0.13 | |
| libpng | =1.0.14 | |
| libpng | =1.0.15 | |
| libpng | =1.0.16 | |
| libpng | =1.0.17 | |
| libpng | =1.0.18 | |
| libpng | =1.0.19 | |
| libpng | =1.0.20 | |
| libpng | =1.0.21 | |
| libpng | =1.0.22 | |
| libpng | =1.0.23 | |
| libpng | =1.0.24 | |
| libpng | =1.0.25 | |
| libpng | =1.0.26 | |
| libpng | =1.0.27 | |
| libpng | =1.0.28 | |
| libpng | =1.0.29 | |
| libpng | =1.0.30 | |
| libpng | =1.0.31 | |
| libpng | =1.0.32 | |
| libpng | =1.0.33 | |
| libpng | =1.0.34 | |
| libpng | =1.0.35 | |
| libpng | =1.0.37 | |
| libpng | =1.0.38 | |
| libpng | =1.0.39 | |
| libpng | =1.0.40 | |
| libpng | =1.0.41 | |
| libpng | =1.0.42 | |
| libpng | =1.0.43 | |
| libpng | =1.0.44 | |
| libpng | =1.0.45 | |
| libpng | =1.0.46 | |
| libpng | =1.0.47 | |
| libpng | =1.0.48 | |
| libpng | =1.0.50 | |
| libpng | =1.0.51 | |
| libpng | =1.0.52 | |
| libpng | =1.0.53 | |
| libpng | =1.0.54 | |
| libpng | =1.0.55 | |
| libpng | =1.0.55-rc01 | |
| libpng | =1.0.56 | |
| libpng | =1.0.56-devel | |
| libpng | =1.0.57 | |
| libpng | =1.0.57-rc01 | |
| libpng | =1.0.58 | |
| libpng | =1.0.59 | |
| libpng | =1.0.60 | |
| libpng | =1.0.61 | |
| libpng | =1.0.62 | |
| libpng | =1.0.63 | |
| libpng | =1.0.64 | |
| libpng | =1.0.65 | |
| Fedora | =23 | |
| Debian | =6.0 | |
| libpng | =1.4.0 | |
| libpng | =1.4.1 | |
| libpng | =1.4.2 | |
| libpng | =1.4.3 | |
| libpng | =1.4.4 | |
| libpng | =1.4.5 | |
| libpng | =1.4.6 | |
| libpng | =1.4.7 | |
| libpng | =1.4.8 | |
| libpng | =1.4.9 | |
| libpng | =1.4.10 | |
| libpng | =1.4.11 | |
| libpng | =1.4.12 | |
| libpng | =1.4.13 | |
| libpng | =1.4.14 | |
| libpng | =1.4.15 | |
| libpng | =1.4.16 | |
| libpng | =1.4.17 | |
| libpng | =1.4.18 | |
| libpng | =0.90 | |
| libpng | =0.95 | |
| libpng | =0.96 | |
| libpng | =0.97 | |
| libpng | =0.98 | |
| libpng | =0.99 | |
| libpng | =1.5.0-beta | |
| libpng | =1.5.1 | |
| libpng | =1.5.1-beta | |
| libpng | =1.5.2 | |
| libpng | =1.5.2-beta | |
| libpng | =1.5.3-beta | |
| libpng | =1.5.4 | |
| libpng | =1.5.4-beta | |
| libpng | =1.5.5 | |
| libpng | =1.5.5-beta | |
| libpng | =1.5.6 | |
| libpng | =1.5.6-beta | |
| libpng | =1.5.7 | |
| libpng | =1.5.7-beta | |
| libpng | =1.5.8 | |
| libpng | =1.5.8-beta | |
| libpng | =1.5.9 | |
| libpng | =1.5.9-beta | |
| libpng | =1.5.10-beta | |
| libpng | =1.5.11 | |
| libpng | =1.5.11-beta | |
| libpng | =1.5.12 | |
| libpng | =1.5.13 | |
| libpng | =1.5.13-beta | |
| libpng | =1.5.14 | |
| libpng | =1.5.15 | |
| libpng | =1.5.16 | |
| libpng | =1.5.17 | |
| libpng | =1.5.18 | |
| libpng | =1.5.19 | |
| libpng | =1.5.20-beta | |
| libpng | =1.5.21 | |
| libpng | =1.5.22 | |
| libpng | =1.5.23 | |
| libpng | =1.5.24 | |
| libpng | =1.5.25 | |
| libpng | =1.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html
- http://sourceforge.net/p/libpng/bugs/244/
- http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/
- http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/
- http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/
- http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/
- http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/
- http://www.debian.org/security/2016/dsa-3443
- http://www.openwall.com/lists/oss-security/2015/12/10/6
- http://www.openwall.com/lists/oss-security/2015/12/10/7
- http://www.openwall.com/lists/oss-security/2015/12/11/1
- http://www.openwall.com/lists/oss-security/2015/12/11/2
- http://www.openwall.com/lists/oss-security/2015/12/17/10
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/80592
- https://access.redhat.com/errata/RHSA-2016:1430
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- https://security.gentoo.org/glsa/201611-08
- http://seclists.org/oss-sec/2015/q4/469
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1291314
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1291318
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1291320
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1291315
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1291316
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1291317
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1291319
- https://rhn.redhat.com/errata/RHSA-2016-0101.html
- https://rhn.redhat.com/errata/RHSA-2016-0100.html
- https://rhn.redhat.com/errata/RHSA-2016-0099.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1291312
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://my.f5.com/manage/s/article/K000141359
Frequently Asked Questions
What is the severity of CVE-2015-8540?
CVE-2015-8540 is classified as a moderate severity vulnerability due to integer underflow in libpng.
How do I fix CVE-2015-8540?
To fix CVE-2015-8540, upgrade libpng to version 1.0.66, 1.2.56, 1.4.19, or 1.5.26 or later.
Which versions of libpng are affected by CVE-2015-8540?
CVE-2015-8540 affects libpng versions from 0.90 through 1.5.25.
Can CVE-2015-8540 be exploited remotely?
Yes, CVE-2015-8540 can be exploited remotely if the vulnerable library is used in an application that processes untrusted PNG images.
What software utilizes libpng and is affected by CVE-2015-8540?
Software that utilizes affected versions of libpng, such as certain versions of F5 Traffix SDC, may be affected by CVE-2015-8540.
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-8540
- agent/software-canonical-lookup
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/event
- agent/trending
- agent/source
- collector/f5-advisory
- source/F5
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/redhat
- vendor/f5
- canonical/f5 traffix systems signaling delivery controller
- vendor/redhat
- canonical/redhat enterprise linux desktop supplementary
- version/redhat enterprise linux desktop supplementary/5.0
- version/redhat enterprise linux desktop supplementary/6.0
- canonical/red hat enterprise linux hpc node
- version/red hat enterprise linux hpc node/6.0
- canonical/red hat enterprise linux server supplementary
- version/red hat enterprise linux server supplementary/5.0
- version/red hat enterprise linux server supplementary/6.0
- canonical/red hat enterprise linux workstation supplementary
- version/red hat enterprise linux workstation supplementary/6.0
- vendor/libpng
- canonical/libpng
- version/libpng/1.2.0
- version/libpng/1.2.1
- version/libpng/1.2.2
- version/libpng/1.2.3
- version/libpng/1.2.4
- version/libpng/1.2.5
- version/libpng/1.2.6
- version/libpng/1.2.7
- version/libpng/1.2.8
- version/libpng/1.2.9
- version/libpng/1.2.10
- version/libpng/1.2.11
- version/libpng/1.2.12
- version/libpng/1.2.13
- version/libpng/1.2.14
- version/libpng/1.2.15
- version/libpng/1.2.16
- version/libpng/1.2.17
- version/libpng/1.2.18
- version/libpng/1.2.19
- version/libpng/1.2.20
- version/libpng/1.2.21
- version/libpng/1.2.22
- version/libpng/1.2.23
- version/libpng/1.2.24
- version/libpng/1.2.25
- version/libpng/1.2.26
- version/libpng/1.2.27
- version/libpng/1.2.28
- version/libpng/1.2.29
- version/libpng/1.2.30
- version/libpng/1.2.31
- version/libpng/1.2.32
- version/libpng/1.2.33
- version/libpng/1.2.34
- version/libpng/1.2.35
- version/libpng/1.2.36
- version/libpng/1.2.37
- version/libpng/1.2.38
- version/libpng/1.2.39
- version/libpng/1.2.40
- version/libpng/1.2.41
- version/libpng/1.2.42
- version/libpng/1.2.43
- version/libpng/1.2.43-devel
- version/libpng/1.2.44
- version/libpng/1.2.45
- version/libpng/1.2.45-devel
- version/libpng/1.2.46
- version/libpng/1.2.46-devel
- version/libpng/1.2.47
- version/libpng/1.2.47-beta
- version/libpng/1.2.48
- version/libpng/1.2.48-betas
- version/libpng/1.2.49
- version/libpng/1.2.50
- version/libpng/1.2.51
- version/libpng/1.2.52
- version/libpng/1.2.53
- version/libpng/1.2.54
- version/libpng/1.2.55
- version/libpng/1.1.1
- version/libpng/1.0.0
- version/libpng/1.0.1
- version/libpng/1.0.2
- version/libpng/1.0.3
- version/libpng/1.0.5
- version/libpng/1.0.6
- version/libpng/1.0.7
- version/libpng/1.0.8
- version/libpng/1.0.9
- version/libpng/1.0.10
- version/libpng/1.0.11
- version/libpng/1.0.12
- version/libpng/1.0.13
- version/libpng/1.0.14
- version/libpng/1.0.15
- version/libpng/1.0.16
- version/libpng/1.0.17
- version/libpng/1.0.18
- version/libpng/1.0.19
- version/libpng/1.0.20
- version/libpng/1.0.21
- version/libpng/1.0.22
- version/libpng/1.0.23
- version/libpng/1.0.24
- version/libpng/1.0.25
- version/libpng/1.0.26
- version/libpng/1.0.27
- version/libpng/1.0.28
- version/libpng/1.0.29
- version/libpng/1.0.30
- version/libpng/1.0.31
- version/libpng/1.0.32
- version/libpng/1.0.33
- version/libpng/1.0.34
- version/libpng/1.0.35
- version/libpng/1.0.37
- version/libpng/1.0.38
- version/libpng/1.0.39
- version/libpng/1.0.40
- version/libpng/1.0.41
- version/libpng/1.0.42
- version/libpng/1.0.43
- version/libpng/1.0.44
- version/libpng/1.0.45
- version/libpng/1.0.46
- version/libpng/1.0.47
- version/libpng/1.0.48
- version/libpng/1.0.50
- version/libpng/1.0.51
- version/libpng/1.0.52
- version/libpng/1.0.53
- version/libpng/1.0.54
- version/libpng/1.0.55
- version/libpng/1.0.55-rc01
- version/libpng/1.0.56
- version/libpng/1.0.56-devel
- version/libpng/1.0.57
- version/libpng/1.0.57-rc01
- version/libpng/1.0.58
- version/libpng/1.0.59
- version/libpng/1.0.60
- version/libpng/1.0.61
- version/libpng/1.0.62
- version/libpng/1.0.63
- version/libpng/1.0.64
- version/libpng/1.0.65
- vendor/fedoraproject
- canonical/fedora
- version/fedora/23
- vendor/debian
- canonical/debian
- version/debian/6.0
- version/libpng/1.4.0
- version/libpng/1.4.1
- version/libpng/1.4.2
- version/libpng/1.4.3
- version/libpng/1.4.4
- version/libpng/1.4.5
- version/libpng/1.4.6
- version/libpng/1.4.7
- version/libpng/1.4.8
- version/libpng/1.4.9
- version/libpng/1.4.10
- version/libpng/1.4.11
- version/libpng/1.4.12
- version/libpng/1.4.13
- version/libpng/1.4.14
- version/libpng/1.4.15
- version/libpng/1.4.16
- version/libpng/1.4.17
- version/libpng/1.4.18
- version/libpng/0.90
- version/libpng/0.95
- version/libpng/0.96
- version/libpng/0.97
- version/libpng/0.98
- version/libpng/0.99
- version/libpng/1.5.0-beta
- version/libpng/1.5.1
- version/libpng/1.5.1-beta
- version/libpng/1.5.2
- version/libpng/1.5.2-beta
- version/libpng/1.5.3-beta
- version/libpng/1.5.4
- version/libpng/1.5.4-beta
- version/libpng/1.5.5
- version/libpng/1.5.5-beta
- version/libpng/1.5.6
- version/libpng/1.5.6-beta
- version/libpng/1.5.7
- version/libpng/1.5.7-beta
- version/libpng/1.5.8
- version/libpng/1.5.8-beta
- version/libpng/1.5.9
- version/libpng/1.5.9-beta
- version/libpng/1.5.10-beta
- version/libpng/1.5.11
- version/libpng/1.5.11-beta
- version/libpng/1.5.12
- version/libpng/1.5.13
- version/libpng/1.5.13-beta
- version/libpng/1.5.14
- version/libpng/1.5.15
- version/libpng/1.5.16
- version/libpng/1.5.17
- version/libpng/1.5.18
- version/libpng/1.5.19
- version/libpng/1.5.20-beta
- version/libpng/1.5.21
- version/libpng/1.5.22
- version/libpng/1.5.23
- version/libpng/1.5.24
- version/libpng/1.5.25
- version/libpng/1.3.0