Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
No CVSS v3.1
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
User Interaction Required
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors | Products |
---|---|
Redhat |
|
Fedoraproject |
|
Debian |
|
Libpng |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
Configuration 9 [-]
|
Configuration 10 [-]
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2016-04-14T14:00:00
Updated: 2021-06-29T14:06:22
Reserved: 2015-12-10T00:00:00
Link: CVE-2015-8540
JSON object: View
NVD Information
Status : Modified
Published: 2016-04-14T14:59:03.287
Modified: 2023-11-07T02:28:32.263
Link: CVE-2015-8540
JSON object: View
Redhat Information
No data.
CWE