PublicDateAtUSN: 2015-12-09 Candidate: CVE-2015-8472 PublicDate: 2016-01-21 15:59:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472 https://marc.info/?l=oss-security&m=144929077710907&w=2 https://ubuntu.com/security/notices/USN-2861-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1224244#c0 Description: Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. Ubuntu-Description: Notes: seth-arnold> Incomplete fix for CVE-2015-8126 chriscoulson> firefox and thunderbird are not-affected since they don't use png_set_PLTE, see https://bugzilla.mozilla.org/show_bug.cgi?id=1224244#c0) Bugs: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807112 Priority: medium Discovered-by: Assigned-to: CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L [7.3 HIGH] Patches_libpng: upstream: https://github.com/glennrp/libpng/commit/7e1ca9ceba4e64259863efdd98bab9b55bdc0b9c upstream: https://github.com/glennrp/libpng/commit/4488a96126bbefda51d07835411d8e847a88b2b7 upstream: https://github.com/glennrp/libpng/commit/ad224c6907e8a274f2679eae4c2e3085fdc7e8c8 upstream_libpng: released (1.6.20, 1.5.25, 1.4.18, 1.2.55, and 1.0.65) precise_libpng: released (1.2.46-3ubuntu4.2) trusty_libpng: released (1.2.50-1ubuntu2.14.04.2) trusty/esm_libpng: released (1.2.50-1ubuntu2.14.04.2) vivid_libpng: released (1.2.51-0ubuntu3.15.04.2) vivid/stable-phone-overlay_libpng: released (1.2.51-0ubuntu3.15.04.2) vivid/ubuntu-core_libpng: released (1.2.51-0ubuntu3.15.04.2) wily_libpng: released (1.2.51-0ubuntu3.15.10.2) devel_libpng: released (1.2.54-1ubuntu1) Patches_firefox: upstream_firefox: not-affected (doesn't use png_set_PLTE) precise_firefox: not-affected (doesn't use png_set_PLTE) trusty_firefox: not-affected (doesn't use png_set_PLTE) trusty/esm_firefox: DNE (trusty was not-affected [doesn't use png_set_PLTE]) vivid_firefox: not-affected (doesn't use png_set_PLTE) vivid/stable-phone-overlay_firefox: DNE vivid/ubuntu-core_firefox: DNE wily_firefox: not-affected (doesn't use png_set_PLTE) devel_firefox: not-affected (doesn't use png_set_PLTE) Patches_thunderbird: upstream_thunderbird: not-affected (doesn't use png_set_PLTE) precise_thunderbird: not-affected (doesn't use png_set_PLTE) trusty_thunderbird: not-affected (doesn't use png_set_PLTE) trusty/esm_thunderbird: DNE (trusty was not-affected [doesn't use png_set_PLTE]) vivid_thunderbird: not-affected (doesn't use png_set_PLTE) vivid/stable-phone-overlay_thunderbird: DNE vivid/ubuntu-core_thunderbird: DNE wily_thunderbird: not-affected (doesn't use png_set_PLTE) devel_thunderbird: not-affected (doesn't use png_set_PLTE) Patches_chromium-browser: upstream_chromium-browser: needs-triage precise_chromium-browser: not-affected (uses system libpng) trusty_chromium-browser: not-affected (uses system libpng) trusty/esm_chromium-browser: DNE (trusty was not-affected [uses system libpng]) vivid_chromium-browser: not-affected (uses system libpng) vivid/stable-phone-overlay_chromium-browser: DNE vivid/ubuntu-core_chromium-browser: DNE wily_chromium-browser: not-affected (uses system libpng) devel_chromium-browser: not-affected (uses system libpng) Patches_openjdk-7: upstream_openjdk-7: needs-triage precise_openjdk-7: not-affected (uses system libpng) trusty_openjdk-7: not-affected (uses system libpng) trusty/esm_openjdk-7: DNE (trusty was not-affected [uses system libpng]) vivid_openjdk-7: not-affected (uses system libpng) vivid/stable-phone-overlay_openjdk-7: DNE vivid/ubuntu-core_openjdk-7: DNE wily_openjdk-7: not-affected (uses system libpng) devel_openjdk-7: not-affected (uses system libpng) Patches_openjdk-6: upstream_openjdk-6: needs-triage precise_openjdk-6: not-affected (uses system libpng) trusty_openjdk-6: not-affected (uses system libpng) trusty/esm_openjdk-6: DNE (trusty was not-affected [uses system libpng]) vivid_openjdk-6: not-affected (uses system libpng) vivid/stable-phone-overlay_openjdk-6: DNE vivid/ubuntu-core_openjdk-6: DNE wily_openjdk-6: not-affected (uses system libpng) devel_openjdk-6: not-affected (uses system libpng) Patches_openjdk-8: upstream_openjdk-8: needs-triage precise_openjdk-8: DNE trusty_openjdk-8: DNE trusty/esm_openjdk-8: DNE vivid_openjdk-8: not-affected (uses system libpng) vivid/stable-phone-overlay_openjdk-8: DNE vivid/ubuntu-core_openjdk-8: DNE wily_openjdk-8: not-affected (uses system libpng) devel_openjdk-8: not-affected (uses system libpng)