CVE-2015-8540
First published: Mon Dec 14 2015(Updated: )
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Enterprise Linux Desktop Supplementary | =5.0 | |
| Redhat Enterprise Linux Desktop Supplementary | =6.0 | |
| Redhat Enterprise Linux Hpc Node | =6.0 | |
| Redhat Enterprise Linux Server Supplementary | =5.0 | |
| Redhat Enterprise Linux Server Supplementary | =6.0 | |
| Redhat Enterprise Linux Workstation Supplementary | =6.0 | |
| Libpng Libpng | =1.2.0 | |
| Libpng Libpng | =1.2.1 | |
| Libpng Libpng | =1.2.2 | |
| Libpng Libpng | =1.2.3 | |
| Libpng Libpng | =1.2.4 | |
| Libpng Libpng | =1.2.5 | |
| Libpng Libpng | =1.2.6 | |
| Libpng Libpng | =1.2.7 | |
| Libpng Libpng | =1.2.8 | |
| Libpng Libpng | =1.2.9 | |
| Libpng Libpng | =1.2.10 | |
| Libpng Libpng | =1.2.11 | |
| Libpng Libpng | =1.2.12 | |
| Libpng Libpng | =1.2.13 | |
| Libpng Libpng | =1.2.14 | |
| Libpng Libpng | =1.2.15 | |
| Libpng Libpng | =1.2.16 | |
| Libpng Libpng | =1.2.17 | |
| Libpng Libpng | =1.2.18 | |
| Libpng Libpng | =1.2.19 | |
| Libpng Libpng | =1.2.20 | |
| Libpng Libpng | =1.2.21 | |
| Libpng Libpng | =1.2.22 | |
| Libpng Libpng | =1.2.23 | |
| Libpng Libpng | =1.2.24 | |
| Libpng Libpng | =1.2.25 | |
| Libpng Libpng | =1.2.26 | |
| Libpng Libpng | =1.2.27 | |
| Libpng Libpng | =1.2.28 | |
| Libpng Libpng | =1.2.29 | |
| Libpng Libpng | =1.2.30 | |
| Libpng Libpng | =1.2.31 | |
| Libpng Libpng | =1.2.32 | |
| Libpng Libpng | =1.2.33 | |
| Libpng Libpng | =1.2.34 | |
| Libpng Libpng | =1.2.35 | |
| Libpng Libpng | =1.2.36 | |
| Libpng Libpng | =1.2.37 | |
| Libpng Libpng | =1.2.38 | |
| Libpng Libpng | =1.2.39 | |
| Libpng Libpng | =1.2.40 | |
| Libpng Libpng | =1.2.41 | |
| Libpng Libpng | =1.2.42 | |
| Libpng Libpng | =1.2.43 | |
| Libpng Libpng | =1.2.43-devel | |
| Libpng Libpng | =1.2.44 | |
| Libpng Libpng | =1.2.45 | |
| Libpng Libpng | =1.2.45-devel | |
| Libpng Libpng | =1.2.46 | |
| Libpng Libpng | =1.2.46-devel | |
| Libpng Libpng | =1.2.47 | |
| Libpng Libpng | =1.2.47-beta | |
| Libpng Libpng | =1.2.48 | |
| Libpng Libpng | =1.2.48-betas | |
| Libpng Libpng | =1.2.49 | |
| Libpng Libpng | =1.2.50 | |
| Libpng Libpng | =1.2.51 | |
| Libpng Libpng | =1.2.52 | |
| Libpng Libpng | =1.2.53 | |
| Libpng Libpng | =1.2.54 | |
| Libpng Libpng | =1.2.55 | |
| Libpng Libpng | =1.1.1 | |
| Libpng Libpng | =1.0.0 | |
| Libpng Libpng | =1.0.1 | |
| Libpng Libpng | =1.0.2 | |
| Libpng Libpng | =1.0.3 | |
| Libpng Libpng | =1.0.5 | |
| Libpng Libpng | =1.0.6 | |
| Libpng Libpng | =1.0.7 | |
| Libpng Libpng | =1.0.8 | |
| Libpng Libpng | =1.0.9 | |
| Libpng Libpng | =1.0.10 | |
| Libpng Libpng | =1.0.11 | |
| Libpng Libpng | =1.0.12 | |
| Libpng Libpng | =1.0.13 | |
| Libpng Libpng | =1.0.14 | |
| Libpng Libpng | =1.0.15 | |
| Libpng Libpng | =1.0.16 | |
| Libpng Libpng | =1.0.17 | |
| Libpng Libpng | =1.0.18 | |
| Libpng Libpng | =1.0.19 | |
| Libpng Libpng | =1.0.20 | |
| Libpng Libpng | =1.0.21 | |
| Libpng Libpng | =1.0.22 | |
| Libpng Libpng | =1.0.23 | |
| Libpng Libpng | =1.0.24 | |
| Libpng Libpng | =1.0.25 | |
| Libpng Libpng | =1.0.26 | |
| Libpng Libpng | =1.0.27 | |
| Libpng Libpng | =1.0.28 | |
| Libpng Libpng | =1.0.29 | |
| Libpng Libpng | =1.0.30 | |
| Libpng Libpng | =1.0.31 | |
| Libpng Libpng | =1.0.32 | |
| Libpng Libpng | =1.0.33 | |
| Libpng Libpng | =1.0.34 | |
| Libpng Libpng | =1.0.35 | |
| Libpng Libpng | =1.0.37 | |
| Libpng Libpng | =1.0.38 | |
| Libpng Libpng | =1.0.39 | |
| Libpng Libpng | =1.0.40 | |
| Libpng Libpng | =1.0.41 | |
| Libpng Libpng | =1.0.42 | |
| Libpng Libpng | =1.0.43 | |
| Libpng Libpng | =1.0.44 | |
| Libpng Libpng | =1.0.45 | |
| Libpng Libpng | =1.0.46 | |
| Libpng Libpng | =1.0.47 | |
| Libpng Libpng | =1.0.48 | |
| Libpng Libpng | =1.0.50 | |
| Libpng Libpng | =1.0.51 | |
| Libpng Libpng | =1.0.52 | |
| Libpng Libpng | =1.0.53 | |
| Libpng Libpng | =1.0.54 | |
| Libpng Libpng | =1.0.55 | |
| Libpng Libpng | =1.0.55-rc01 | |
| Libpng Libpng | =1.0.56 | |
| Libpng Libpng | =1.0.56-devel | |
| Libpng Libpng | =1.0.57 | |
| Libpng Libpng | =1.0.57-rc01 | |
| Libpng Libpng | =1.0.58 | |
| Libpng Libpng | =1.0.59 | |
| Libpng Libpng | =1.0.60 | |
| Libpng Libpng | =1.0.61 | |
| Libpng Libpng | =1.0.62 | |
| Libpng Libpng | =1.0.63 | |
| Libpng Libpng | =1.0.64 | |
| Libpng Libpng | =1.0.65 | |
| Fedoraproject Fedora | =23 | |
| Debian Debian Linux | =6.0 | |
| Libpng Libpng | =1.4.0 | |
| Libpng Libpng | =1.4.1 | |
| Libpng Libpng | =1.4.2 | |
| Libpng Libpng | =1.4.3 | |
| Libpng Libpng | =1.4.4 | |
| Libpng Libpng | =1.4.5 | |
| Libpng Libpng | =1.4.6 | |
| Libpng Libpng | =1.4.7 | |
| Libpng Libpng | =1.4.8 | |
| Libpng Libpng | =1.4.9 | |
| Libpng Libpng | =1.4.10 | |
| Libpng Libpng | =1.4.11 | |
| Libpng Libpng | =1.4.12 | |
| Libpng Libpng | =1.4.13 | |
| Libpng Libpng | =1.4.14 | |
| Libpng Libpng | =1.4.15 | |
| Libpng Libpng | =1.4.16 | |
| Libpng Libpng | =1.4.17 | |
| Libpng Libpng | =1.4.18 | |
| Libpng Libpng | =0.90 | |
| Libpng Libpng | =0.95 | |
| Libpng Libpng | =0.96 | |
| Libpng Libpng | =0.97 | |
| Libpng Libpng | =0.98 | |
| Libpng Libpng | =0.99 | |
| Libpng Libpng | =1.5.0-beta | |
| Libpng Libpng | =1.5.1 | |
| Libpng Libpng | =1.5.1-beta | |
| Libpng Libpng | =1.5.2 | |
| Libpng Libpng | =1.5.2-beta | |
| Libpng Libpng | =1.5.3-beta | |
| Libpng Libpng | =1.5.4 | |
| Libpng Libpng | =1.5.4-beta | |
| Libpng Libpng | =1.5.5 | |
| Libpng Libpng | =1.5.5-beta | |
| Libpng Libpng | =1.5.6 | |
| Libpng Libpng | =1.5.6-beta | |
| Libpng Libpng | =1.5.7 | |
| Libpng Libpng | =1.5.7-beta | |
| Libpng Libpng | =1.5.8 | |
| Libpng Libpng | =1.5.8-beta | |
| Libpng Libpng | =1.5.9 | |
| Libpng Libpng | =1.5.9-beta | |
| Libpng Libpng | =1.5.10-beta | |
| Libpng Libpng | =1.5.11 | |
| Libpng Libpng | =1.5.11-beta | |
| Libpng Libpng | =1.5.12 | |
| Libpng Libpng | =1.5.13 | |
| Libpng Libpng | =1.5.13-beta | |
| Libpng Libpng | =1.5.14 | |
| Libpng Libpng | =1.5.15 | |
| Libpng Libpng | =1.5.16 | |
| Libpng Libpng | =1.5.17 | |
| Libpng Libpng | =1.5.18 | |
| Libpng Libpng | =1.5.19 | |
| Libpng Libpng | =1.5.20-beta | |
| Libpng Libpng | =1.5.21 | |
| Libpng Libpng | =1.5.22 | |
| Libpng Libpng | =1.5.23 | |
| Libpng Libpng | =1.5.24 | |
| Libpng Libpng | =1.5.25 | |
| Libpng Libpng | =1.3.0 | |
| redhat/libpng | <1.6.0 | 1.6.0 |
| redhat/libpng | <1.5.26 | 1.5.26 |
| redhat/libpng | <1.4.19 | 1.4.19 |
| redhat/libpng | <1.2.56 | 1.2.56 |
| redhat/libpng | <1.0.66 | 1.0.66 |
| F5 Traffix SDC |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html
- http://sourceforge.net/p/libpng/bugs/244/
- http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/
- http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/
- http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/
- http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/
- http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/
- http://www.debian.org/security/2016/dsa-3443
- http://www.openwall.com/lists/oss-security/2015/12/10/6
- http://www.openwall.com/lists/oss-security/2015/12/10/7
- http://www.openwall.com/lists/oss-security/2015/12/11/1
- http://www.openwall.com/lists/oss-security/2015/12/11/2
- http://www.openwall.com/lists/oss-security/2015/12/17/10
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/80592
- https://access.redhat.com/errata/RHSA-2016:1430
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- https://security.gentoo.org/glsa/201611-08
- http://seclists.org/oss-sec/2015/q4/469
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1291314
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1291318
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1291320
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1291315
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1291316
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1291317
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1291319
- https://rhn.redhat.com/errata/RHSA-2016-0101.html
- https://rhn.redhat.com/errata/RHSA-2016-0100.html
- https://rhn.redhat.com/errata/RHSA-2016-0099.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1291312
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://my.f5.com/manage/s/article/K000141359
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-8540
- agent/software-canonical-lookup
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/f5-advisory
- source/F5
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/event
- agent/trending
- vendor/redhat
- canonical/redhat enterprise linux desktop supplementary
- version/redhat enterprise linux desktop supplementary/5.0
- version/redhat enterprise linux desktop supplementary/6.0
- canonical/redhat enterprise linux hpc node
- version/redhat enterprise linux hpc node/6.0
- canonical/redhat enterprise linux server supplementary
- version/redhat enterprise linux server supplementary/5.0
- version/redhat enterprise linux server supplementary/6.0
- canonical/redhat enterprise linux workstation supplementary
- version/redhat enterprise linux workstation supplementary/6.0
- vendor/libpng
- canonical/libpng libpng
- version/libpng libpng/1.2.0
- version/libpng libpng/1.2.1
- version/libpng libpng/1.2.2
- version/libpng libpng/1.2.3
- version/libpng libpng/1.2.4
- version/libpng libpng/1.2.5
- version/libpng libpng/1.2.6
- version/libpng libpng/1.2.7
- version/libpng libpng/1.2.8
- version/libpng libpng/1.2.9
- version/libpng libpng/1.2.10
- version/libpng libpng/1.2.11
- version/libpng libpng/1.2.12
- version/libpng libpng/1.2.13
- version/libpng libpng/1.2.14
- version/libpng libpng/1.2.15
- version/libpng libpng/1.2.16
- version/libpng libpng/1.2.17
- version/libpng libpng/1.2.18
- version/libpng libpng/1.2.19
- version/libpng libpng/1.2.20
- version/libpng libpng/1.2.21
- version/libpng libpng/1.2.22
- version/libpng libpng/1.2.23
- version/libpng libpng/1.2.24
- version/libpng libpng/1.2.25
- version/libpng libpng/1.2.26
- version/libpng libpng/1.2.27
- version/libpng libpng/1.2.28
- version/libpng libpng/1.2.29
- version/libpng libpng/1.2.30
- version/libpng libpng/1.2.31
- version/libpng libpng/1.2.32
- version/libpng libpng/1.2.33
- version/libpng libpng/1.2.34
- version/libpng libpng/1.2.35
- version/libpng libpng/1.2.36
- version/libpng libpng/1.2.37
- version/libpng libpng/1.2.38
- version/libpng libpng/1.2.39
- version/libpng libpng/1.2.40
- version/libpng libpng/1.2.41
- version/libpng libpng/1.2.42
- version/libpng libpng/1.2.43
- version/libpng libpng/1.2.43-devel
- version/libpng libpng/1.2.44
- version/libpng libpng/1.2.45
- version/libpng libpng/1.2.45-devel
- version/libpng libpng/1.2.46
- version/libpng libpng/1.2.46-devel
- version/libpng libpng/1.2.47
- version/libpng libpng/1.2.47-beta
- version/libpng libpng/1.2.48
- version/libpng libpng/1.2.48-betas
- version/libpng libpng/1.2.49
- version/libpng libpng/1.2.50
- version/libpng libpng/1.2.51
- version/libpng libpng/1.2.52
- version/libpng libpng/1.2.53
- version/libpng libpng/1.2.54
- version/libpng libpng/1.2.55
- version/libpng libpng/1.1.1
- version/libpng libpng/1.0.0
- version/libpng libpng/1.0.1
- version/libpng libpng/1.0.2
- version/libpng libpng/1.0.3
- version/libpng libpng/1.0.5
- version/libpng libpng/1.0.6
- version/libpng libpng/1.0.7
- version/libpng libpng/1.0.8
- version/libpng libpng/1.0.9
- version/libpng libpng/1.0.10
- version/libpng libpng/1.0.11
- version/libpng libpng/1.0.12
- version/libpng libpng/1.0.13
- version/libpng libpng/1.0.14
- version/libpng libpng/1.0.15
- version/libpng libpng/1.0.16
- version/libpng libpng/1.0.17
- version/libpng libpng/1.0.18
- version/libpng libpng/1.0.19
- version/libpng libpng/1.0.20
- version/libpng libpng/1.0.21
- version/libpng libpng/1.0.22
- version/libpng libpng/1.0.23
- version/libpng libpng/1.0.24
- version/libpng libpng/1.0.25
- version/libpng libpng/1.0.26
- version/libpng libpng/1.0.27
- version/libpng libpng/1.0.28
- version/libpng libpng/1.0.29
- version/libpng libpng/1.0.30
- version/libpng libpng/1.0.31
- version/libpng libpng/1.0.32
- version/libpng libpng/1.0.33
- version/libpng libpng/1.0.34
- version/libpng libpng/1.0.35
- version/libpng libpng/1.0.37
- version/libpng libpng/1.0.38
- version/libpng libpng/1.0.39
- version/libpng libpng/1.0.40
- version/libpng libpng/1.0.41
- version/libpng libpng/1.0.42
- version/libpng libpng/1.0.43
- version/libpng libpng/1.0.44
- version/libpng libpng/1.0.45
- version/libpng libpng/1.0.46
- version/libpng libpng/1.0.47
- version/libpng libpng/1.0.48
- version/libpng libpng/1.0.50
- version/libpng libpng/1.0.51
- version/libpng libpng/1.0.52
- version/libpng libpng/1.0.53
- version/libpng libpng/1.0.54
- version/libpng libpng/1.0.55
- version/libpng libpng/1.0.55-rc01
- version/libpng libpng/1.0.56
- version/libpng libpng/1.0.56-devel
- version/libpng libpng/1.0.57
- version/libpng libpng/1.0.57-rc01
- version/libpng libpng/1.0.58
- version/libpng libpng/1.0.59
- version/libpng libpng/1.0.60
- version/libpng libpng/1.0.61
- version/libpng libpng/1.0.62
- version/libpng libpng/1.0.63
- version/libpng libpng/1.0.64
- version/libpng libpng/1.0.65
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/23
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/6.0
- version/libpng libpng/1.4.0
- version/libpng libpng/1.4.1
- version/libpng libpng/1.4.2
- version/libpng libpng/1.4.3
- version/libpng libpng/1.4.4
- version/libpng libpng/1.4.5
- version/libpng libpng/1.4.6
- version/libpng libpng/1.4.7
- version/libpng libpng/1.4.8
- version/libpng libpng/1.4.9
- version/libpng libpng/1.4.10
- version/libpng libpng/1.4.11
- version/libpng libpng/1.4.12
- version/libpng libpng/1.4.13
- version/libpng libpng/1.4.14
- version/libpng libpng/1.4.15
- version/libpng libpng/1.4.16
- version/libpng libpng/1.4.17
- version/libpng libpng/1.4.18
- version/libpng libpng/0.90
- version/libpng libpng/0.95
- version/libpng libpng/0.96
- version/libpng libpng/0.97
- version/libpng libpng/0.98
- version/libpng libpng/0.99
- version/libpng libpng/1.5.0-beta
- version/libpng libpng/1.5.1
- version/libpng libpng/1.5.1-beta
- version/libpng libpng/1.5.2
- version/libpng libpng/1.5.2-beta
- version/libpng libpng/1.5.3-beta
- version/libpng libpng/1.5.4
- version/libpng libpng/1.5.4-beta
- version/libpng libpng/1.5.5
- version/libpng libpng/1.5.5-beta
- version/libpng libpng/1.5.6
- version/libpng libpng/1.5.6-beta
- version/libpng libpng/1.5.7
- version/libpng libpng/1.5.7-beta
- version/libpng libpng/1.5.8
- version/libpng libpng/1.5.8-beta
- version/libpng libpng/1.5.9
- version/libpng libpng/1.5.9-beta
- version/libpng libpng/1.5.10-beta
- version/libpng libpng/1.5.11
- version/libpng libpng/1.5.11-beta
- version/libpng libpng/1.5.12
- version/libpng libpng/1.5.13
- version/libpng libpng/1.5.13-beta
- version/libpng libpng/1.5.14
- version/libpng libpng/1.5.15
- version/libpng libpng/1.5.16
- version/libpng libpng/1.5.17
- version/libpng libpng/1.5.18
- version/libpng libpng/1.5.19
- version/libpng libpng/1.5.20-beta
- version/libpng libpng/1.5.21
- version/libpng libpng/1.5.22
- version/libpng libpng/1.5.23
- version/libpng libpng/1.5.24
- version/libpng libpng/1.5.25
- version/libpng libpng/1.3.0
- package-manager/redhat
- vendor/f5
- canonical/f5 traffix sdc