CVE-2015-7981

Priority
Description
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64,
1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to
obtain sensitive process memory information via crafted tIME chunk data in
an image file, which triggers an out-of-bounds read.
Assigned-to
mdeslaur
Notes
Package
Upstream: needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [uses system libpng])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (uses system libpng)
Package
Upstream: not-affected (bundles libpng 1.6.18)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [bundles libpng 1.6.18])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (bundles libpng 1.6.18)
Package
Upstream: released (1.2.54beta01)
Ubuntu 14.04 ESM (Trusty Tahr): released (1.2.50-1ubuntu2.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (1.2.54-1)
Patches:
Upstream: http://sourceforge.net/p/libpng/code/ci/fbf0f024346ca0a4ffc64b082a95c6b6bb6d29c4/
Package
Upstream: not-affected (bundles libpng 1.6.16)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [bundles libpng 1.6.16])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (bundles libpng 1.6.16)

Updated: 2020-03-18 22:42:07 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)