CVE-2015-0973

HIGH

Description

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

References

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

http://secunia.com/advisories/62725

http://sourceforge.net/p/png-mng/mailman/message/33173461/

http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt

http://www.openwall.com/lists/oss-security/2015/01/10/1

http://www.openwall.com/lists/oss-security/2015/01/10/3

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

https://support.apple.com/HT206167

Details

Source: MITRE

Published: 2015-01-18

Updated: 2016-10-20

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:* versions up to 1.5.20 (inclusive)

cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.0:beta:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.1:beta:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.2:beta:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.3:beta:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.4:beta:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.7:beta:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.8:beta:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.9:beta:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.10:beta:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.11:beta:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.12:beta:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.13:beta:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.14:beta:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.6.15:beta:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.11.3 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 137503 | EulerOS 2.0 SP2 : libpng (EulerOS-SA-2020-1661) | Nessus | Huawei Local Security Checks | high |
| 9327 | Mac OS X 10.11.x < 10.11.4 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical |
| 90097 | Mac OS X 10.9.5 / 10.10.5 Multiple Vulnerabilities (Security Update 2016-002) | Nessus | MacOS X Local Security Checks | critical |
| 90096 | Mac OS X 10.11.x < 10.11.4 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 83669 | SUSE SLED12 / SLES12 Security Update : libpng16 (SUSE-SU-2015:0092-1) | Nessus | SuSE Local Security Checks | critical |
| 81712 | Fedora 21 : libpng10-1.0.63-1.fc21 (2015-2863) | Nessus | Fedora Local Security Checks | critical |
| 81711 | Fedora 20 : libpng10-1.0.63-1.fc20 (2015-2830) | Nessus | Fedora Local Security Checks | critical |
| 81710 | Fedora 22 : libpng10-1.0.63-1.fc22 (2015-2765) | Nessus | Fedora Local Security Checks | critical |
| 81063 | openSUSE Security Update : libpng16 (openSUSE-SU-2015:0161-1) | Nessus | SuSE Local Security Checks | critical |