Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/
http://www.openwall.com/lists/oss-security/2015/12/10/7
http://www.openwall.com/lists/oss-security/2015/12/11/2
http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/
http://sourceforge.net/p/libpng/bugs/244/
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html
http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/
http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/
http://www.securityfocus.com/bid/80592
http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/
http://www.openwall.com/lists/oss-security/2015/12/10/6
http://www.openwall.com/lists/oss-security/2015/12/17/10
http://www.openwall.com/lists/oss-security/2015/12/11/1
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
https://access.redhat.com/errata/RHSA-2016:1430
https://security.gentoo.org/glsa/201611-08
http://www.debian.org/security/2016/dsa-3443
https://lists.apache.org/thread.html/[email protected]%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.bookkeeper.apache.org%3E
Source: MITRE
Published: 2016-04-14
Updated: 2021-06-29
Type: CWE-189
Base Score: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 8.6
Severity: HIGH
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH