Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2015-7981

Published: 26 October 2015

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
vivid Not vulnerable
(bundles libpng 1.6.18)
upstream Not vulnerable
(bundles libpng 1.6.18)
precise Not vulnerable
(bundles libpng 1.6.18)
trusty Does not exist
(trusty was not-affected [bundles libpng 1.6.18])
wily Not vulnerable
(bundles libpng 1.6.18)
libpng
Launchpad, Ubuntu, Debian
upstream
Released (1.2.54beta01)
precise
Released (1.2.46-3ubuntu4.1)
trusty
Released (1.2.50-1ubuntu2.14.04.1)
vivid
Released (1.2.51-0ubuntu3.15.04.1)
wily
Released (1.2.51-0ubuntu3.15.10.1)
Patches:
upstream: http://sourceforge.net/p/libpng/code/ci/fbf0f024346ca0a4ffc64b082a95c6b6bb6d29c4/
thunderbird
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(bundles libpng 1.6.16)
precise Not vulnerable
(bundles libpng 1.6.16)
trusty Does not exist
(trusty was not-affected [bundles libpng 1.6.16])
wily Not vulnerable
(bundles libpng 1.6.16)
vivid Not vulnerable
(bundles libpng 1.6.16)
chromium-browser
Launchpad, Ubuntu, Debian
vivid Not vulnerable
(uses system libpng)
upstream Needs triage

precise Not vulnerable
(uses system libpng)
trusty Does not exist
(trusty was not-affected [uses system libpng])
wily Not vulnerable
(uses system libpng)