Out-of-Bounds Read Vulnerability in libpng Affects Various Versions
CVE-2015-7981

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Linux; Debian Linux
Vendor: CVE Published:; 24 November 2015

Summary

The png_convert_to_rfc1123 function in libpng enables remote attackers to exploit vulnerabilities through specially crafted tIME chunk data in image files. This can lead to an out-of-bounds read that discloses sensitive process memory information, emphasizing the need for timely updates and patches to mitigate potential attacks.

References

http://www.securityfocus.com/bid/77304

vdb-entryx_refsource_BID

http://www.openwall.com/lists/oss-security/2015/10/26/1

mailing-listx_refsource_MLIST

http://lists.opensuse.org/opensuse-updates/2015-11/msg001...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Nov 24, 2015
Vulnerability Reserved
Oct 26, 2015