7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
86.0%
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng
before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to
execute arbitrary code via IDAT data with a large width, a different
vulnerability than CVE-2014-9495.
Author | Note |
---|---|
mdeslaur | only affects libpng 1.5 and 1.6 texlive-bin has libpng 1.2 or uses system libpng |
mid.gmane.org/[email protected]
sourceforge.net/p/png-mng/mailman/message/33173461/
tfpwn.com/files/libpng_heap_overflow_1.6.15.txt
www.openwall.com/lists/oss-security/2015/01/10/1
www.openwall.com/lists/oss-security/2015/01/10/3
launchpad.net/bugs/cve/CVE-2015-0973
nvd.nist.gov/vuln/detail/CVE-2015-0973
security-tracker.debian.org/tracker/CVE-2015-0973
www.cve.org/CVERecord?id=CVE-2015-0973