CVE-2015-8540

Priority
Description
Integer underflow in the png_check_keyword function in pngwutil.c in libpng
0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56,
1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote
attackers to have unspecified impact via a space character as a keyword in
a PNG image, which triggers an out-of-bounds read.
Notes
Package
Upstream: needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [uses system libpng])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (uses system libpng)
Package
Upstream: not-affected (bundles libpng 1.6.18)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [bundles libpng 1.6.18])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (bundles libpng 1.6.18)
Package
Upstream: pending (1.0.66, 1.2.56, 1.4.19, and 1.5.26)
Ubuntu 14.04 ESM (Trusty Tahr): released (1.2.50-1ubuntu2.14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus): released (1.2.54-1ubuntu1)
Patches:
Upstream: http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/
Upstream: https://github.com/glennrp/libpng/commit/520b373ee53e92dce93917fea5a609b2a0291472 (1.2.x)
Package
Upstream: not-affected (bundles libpng 1.6.16)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [bundles libpng 1.6.16])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (bundles libpng 1.6.16)
More Information

Updated: 2019-12-05 18:43:20 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)