Veracode Vulnerability DatabaseVERACODE:11883Information Disclosure
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
libpng is vulnerable to information disclosure. An array-indexing error was discovered in the png_convert_to_rfc1123() function. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image.
References
lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html
lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html
lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html
lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html
lists.opensuse.org/opensuse-updates/2015-11/msg00160.html
rhn.redhat.com/errata/RHSA-2015-2594.html
rhn.redhat.com/errata/RHSA-2015-2595.html
sourceforge.net/p/libpng/bugs/241/
sourceforge.net/projects/libpng/files/libpng10/1.0.64/
sourceforge.net/projects/libpng/files/libpng12/1.2.54/
sourceforge.net/projects/libpng/files/libpng14/1.4.17/
www.debian.org/security/2015/dsa-3399
www.openwall.com/lists/oss-security/2015/10/26/1
www.openwall.com/lists/oss-security/2015/10/26/3
www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
www.securityfocus.com/bid/77304
www.securitytracker.com/id/1034393
www.ubuntu.com/usn/USN-2815-1
access.redhat.com/errata/RHSA-2016:1430
access.redhat.com/security/updates/classification/#moderate
rhn.redhat.com/errata/RHSA-2015-2594.html
security.gentoo.org/glsa/201611-08
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N