CVE-2014-9495 (GCVE-0-2014-9495)
Vulnerability from cvelistv5 – Published: 2015-01-10 19:00 – Updated: 2025-06-09 15:16
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/04/3"
},
{
"name": "71820",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71820"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206167"
},
{
"name": "[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/"
},
{
"name": "[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/3"
},
{
"name": "[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/"
},
{
"name": "1031444",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031444"
},
{
"name": "62725",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62725"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2014-9495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:14:59.794156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:16:20.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/04/3"
},
{
"name": "71820",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71820"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206167"
},
{
"name": "[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/"
},
{
"name": "[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/3"
},
{
"name": "[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/"
},
{
"name": "1031444",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031444"
},
{
"name": "62725",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62725"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/04/3"
},
{
"name": "71820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71820"
},
{
"name": "APPLE-SA-2016-03-21-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"name": "https://support.apple.com/HT206167",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206167"
},
{
"name": "[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available",
"refsource": "MLIST",
"url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/"
},
{
"name": "[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/3"
},
{
"name": "[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available",
"refsource": "MLIST",
"url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/"
},
{
"name": "1031444",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031444"
},
{
"name": "62725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62725"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9495",
"datePublished": "2015-01-10T19:00:00.000Z",
"dateReserved": "2015-01-03T00:00:00.000Z",
"dateUpdated": "2025-06-09T15:16:20.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2014-9495\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-01-10T19:59:00.047\",\"lastModified\":\"2025-06-09T16:15:24.410\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \\\"very wide interlaced\\\" PNG image.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n png_combine_row en libpng en versiones anteriores a 1.5.21 y 1.6.x en versiones anteriores a 1.6.16, cuando se ejecuta en sistemas de 64 bits, podr\u00eda permitir a atacantes dependientes del contexto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen PNG \\\"entrelazada muy ampliamente\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtai
nOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.11.3\",\"matchCriteriaId\":\"D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:*:beta:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.20\",\"matchCriteriaId\":\"4D0BD544-FE2A-4AC6-8402-15A677EFC24C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7A0D174-F35C-488B-8577-00EFB7741089\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"051989A3-3F72-4223-98DF-54B0488656F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EDC5DA5-F2A7-4819-BB9D-258EB9AB7857\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.1:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"02FCC235-9564-4B92-B1AB-294EAB110E95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27B34D78-C0BC-45DC-AD84-F5F13451ED7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"40C344C8-812C-4EDE-9AD6-31EF7F0E24C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D3A7EC-774C-423F-BDE1-CDCB9433D87B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.3:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9353E66-56D2-4CD1-BC30-5B2FF0F4E722\"},{\"vuln
erable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B898B95-CF41-4813-8FE7-776BD59A6A9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.4:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D9BF9ED-965A-4BF5-A3EC-FAFCE880F14A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F5E5899-5A3F-49A1-B18C-4C97566B87BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7897EEC-DE43-485A-B2CD-E8623A6D2C8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACC16FE2-E94E-45B9-94F0-B6434B21DD2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.7:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"278434CA-DD56-47FC-9C15-4B9D4159786C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C8DAE31-CCA9-450D-90E5-B8F0490FB944\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.8:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C5712AB-1A98-45DB-8384-5CD70D03684C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52FEB5C9-0C13-4FD6-876C-AAE7ED4E986C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.9:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2903D2B-A99A-4120-88DC-A1DF59085F59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2337F9F3-D26D-4A24-880A-800CD5C16795\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.10:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"D97CC2D1-657A-48D7-8035-89986341B56C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31F71BA3-5402-448E-9068-EB0DCA1D62EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.11:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"3539DE6A-
05BE-47EB-A89F-D3E4D98FC014\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.12:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A004603-261B-49DB-B15B-A8EE0F3AB4BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD67323A-8463-4B8F-B370-40C2ACFF4D8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.13:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"6944746B-2032-4088-A7EB-EE004F12274E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BBA4F43-0FD0-4D7D-84A0-37C8E79B9B29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.14:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AC27CC2-D64C-4AED-A0DF-F6F2920D7AB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71E01CC8-1C29-4C46-8213-B48A2364CE8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:1.6.15:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A8396AB-D983-4F04-A9F5-FA120A0E0AF6\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/62725\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sourceforge.net/p/png-mng/mailman/message/33172831/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sourceforge.net/p/png-mng/mailman/message/33173461/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/01/04/3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/01/10/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/01/10/3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/71820\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www
.securitytracker.com/id/1031444\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.apple.com/HT206167\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/62725\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/p/png-mng/mailman/message/33172831/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/p/png-mng/mailman/message/33173461/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/01/04/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/01/10/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/01/10/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/71820\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1031444\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT206167\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2015/01/04/3\", \"name\": \"[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/71820\", \"name\": \"71820\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html\", \"name\": \"APPLE-SA-2016-03-21-5\", \"tags\": [\"vendor-advisory\", \"x_refsource_APPLE\", \"x_transferred\"]}, {\"url\": \"https://support.apple.com/HT206167\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://sourceforge.net/p/png-mng/mailman/message/33173461/\", \"name\": \"[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/01/10/1\", \"name\": \"[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/01/10/3\", \"name\": \"[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://sourceforge.net/p/png-mng/mailman/message/33172831/\", \"name\": \"[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1031444\", \"name\": \"1031444\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, 
{\"url\": \"http://secunia.com/advisories/62725\", \"name\": \"62725\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T13:47:41.383Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2014-9495\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-09T15:14:59.794156Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122 Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-09T15:12:32.955Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2014-12-22T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2015/01/04/3\", \"name\": \"[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://www.securityfocus.com/bid/71820\", \"name\": \"71820\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html\", 
\"name\": \"APPLE-SA-2016-03-21-5\", \"tags\": [\"vendor-advisory\", \"x_refsource_APPLE\"]}, {\"url\": \"https://support.apple.com/HT206167\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://sourceforge.net/p/png-mng/mailman/message/33173461/\", \"name\": \"[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/01/10/1\", \"name\": \"[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/01/10/3\", \"name\": \"[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://sourceforge.net/p/png-mng/mailman/message/33172831/\", \"name\": \"[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://www.securitytracker.com/id/1031444\", \"name\": \"1031444\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://secunia.com/advisories/62725\", \"name\": \"62725\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \\\"very wide interlaced\\\" PNG image.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": 
\"2016-10-17T13:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2015/01/04/3\", \"name\": \"[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow\", \"refsource\": \"MLIST\"}, {\"url\": \"http://www.securityfocus.com/bid/71820\", \"name\": \"71820\", \"refsource\": \"BID\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html\", \"name\": \"APPLE-SA-2016-03-21-5\", \"refsource\": \"APPLE\"}, {\"url\": \"https://support.apple.com/HT206167\", \"name\": \"https://support.apple.com/HT206167\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://sourceforge.net/p/png-mng/mailman/message/33173461/\", \"name\": \"[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available\", \"refsource\": \"MLIST\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/01/10/1\", \"name\": \"[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow\", \"refsource\": \"MLIST\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html\", \"name\": \"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/01/10/3\", \"name\": \"[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow\", \"refsource\": \"MLIST\"}, {\"url\": \"http://sourceforge.net/p/png-mng/mailman/message/33172831/\", \"name\": \"[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available\", \"refsource\": \"MLIST\"}, {\"url\": \"http://www.securitytracker.com/id/1031444\", \"name\": \"1031444\", \"refsource\": \"SECTRACK\"}, {\"url\": 
\"http://secunia.com/advisories/62725\", \"name\": \"62725\", \"refsource\": \"SECUNIA\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \\\"very wide interlaced\\\" PNG image.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2014-9495\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2014-9495\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-09T15:16:20.021Z\", \"dateReserved\": \"2015-01-03T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2015-01-10T19:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GSD-2014-9495
Vulnerability from gsd - Updated: 2023-12-13 01:22
{
"GSD": {
"alias": "CVE-2014-9495",
"description": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image.",
"id": "GSD-2014-9495",
"references": [
"https://www.suse.com/security/cve/CVE-2014-9495.html",
"https://advisories.mageia.org/CVE-2014-9495.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-9495"
],
"details": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image.",
"id": "GSD-2014-9495",
"modified": "2023-12-13T01:22:48.374112Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/04/3"
},
{
"name": "71820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71820"
},
{
"name": "APPLE-SA-2016-03-21-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"name": "https://support.apple.com/HT206167",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206167"
},
{
"name": "[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available",
"refsource": "MLIST",
"url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/"
},
{
"name": "[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/3"
},
{
"name": "[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available",
"refsource": "MLIST",
"url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/"
},
{
"name": "1031444",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031444"
},
{
"name": "62725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62725"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[1.6.0,1.6.15]",
"affected_versions": "All versions starting from 1.6.0 up to 1.6.15",
"cvss_v2": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"cwe_ids": [
"CWE-1035",
"CWE-119",
"CWE-937"
],
"date": "2016-10-18",
"description": "Heap-based buffer overflow in the png_combine_row function in libpng, when running on systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image.",
"fixed_versions": [
"1.6.18.1"
],
"identifier": "CVE-2014-9495",
"identifiers": [
"CVE-2014-9495"
],
"not_impacted": "All versions before 1.6.0, all versions after 1.6.15",
"package_slug": "nuget/libpng",
"pubdate": "2015-01-10",
"solution": "Upgrade to version 1.6.18.1 or above.",
"title": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2014-9495"
],
"uuid": "81f97696-c983-4e20-ace5-acf9ee3ea546"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.11.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.4:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.9:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.14:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.2:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.7:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.11:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.12:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:*:beta:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.1:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.10:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.15:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.3:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.8:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.13:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9495"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031444",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1031444"
},
{
"name": "[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2015/01/04/3"
},
{
"name": "71820",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/71820"
},
{
"name": "[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available",
"refsource": "MLIST",
"tags": [],
"url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/"
},
{
"name": "[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/1"
},
{
"name": "[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available",
"refsource": "MLIST",
"tags": [],
"url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/"
},
{
"name": "[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/3"
},
{
"name": "62725",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/62725"
},
{
"name": "https://support.apple.com/HT206167",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206167"
},
{
"name": "APPLE-SA-2016-03-21-5",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2016-10-18T03:45Z",
"publishedDate": "2015-01-10T19:59Z"
}
}
}
FKIE_CVE-2014-9495
Vulnerability from fkie_nvd - Published: 2015-01-10 19:59 - Updated: 2025-06-09 16:15

| Vendor | Product | Version | |
|---|---|---|---|
| apple | mac_os_x | * | |
| libpng | libpng | * | |
| libpng | libpng | 1.6.0 | |
| libpng | libpng | 1.6.0 | |
| libpng | libpng | 1.6.1 | |
| libpng | libpng | 1.6.1 | |
| libpng | libpng | 1.6.2 | |
| libpng | libpng | 1.6.2 | |
| libpng | libpng | 1.6.3 | |
| libpng | libpng | 1.6.3 | |
| libpng | libpng | 1.6.4 | |
| libpng | libpng | 1.6.4 | |
| libpng | libpng | 1.6.5 | |
| libpng | libpng | 1.6.6 | |
| libpng | libpng | 1.6.7 | |
| libpng | libpng | 1.6.7 | |
| libpng | libpng | 1.6.8 | |
| libpng | libpng | 1.6.8 | |
| libpng | libpng | 1.6.9 | |
| libpng | libpng | 1.6.9 | |
| libpng | libpng | 1.6.10 | |
| libpng | libpng | 1.6.10 | |
| libpng | libpng | 1.6.11 | |
| libpng | libpng | 1.6.11 | |
| libpng | libpng | 1.6.12 | |
| libpng | libpng | 1.6.13 | |
| libpng | libpng | 1.6.13 | |
| libpng | libpng | 1.6.14 | |
| libpng | libpng | 1.6.14 | |
| libpng | libpng | 1.6.15 | |
| libpng | libpng | 1.6.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82",
"versionEndIncluding": "10.11.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libpng:libpng:*:beta:*:*:*:*:*:*",
"matchCriteriaId": "4D0BD544-FE2A-4AC6-8402-15A677EFC24C",
"versionEndIncluding": "1.5.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A0D174-F35C-488B-8577-00EFB7741089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "051989A3-3F72-4223-98DF-54B0488656F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EDC5DA5-F2A7-4819-BB9D-258EB9AB7857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "02FCC235-9564-4B92-B1AB-294EAB110E95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27B34D78-C0BC-45DC-AD84-F5F13451ED7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "40C344C8-812C-4EDE-9AD6-31EF7F0E24C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D3A7EC-774C-423F-BDE1-CDCB9433D87B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "B9353E66-56D2-4CD1-BC30-5B2FF0F4E722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B898B95-CF41-4813-8FE7-776BD59A6A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "5D9BF9ED-965A-4BF5-A3EC-FAFCE880F14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5E5899-5A3F-49A1-B18C-4C97566B87BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C7897EEC-DE43-485A-B2CD-E8623A6D2C8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC16FE2-E94E-45B9-94F0-B6434B21DD2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.7:beta:*:*:*:*:*:*",
"matchCriteriaId": "278434CA-DD56-47FC-9C15-4B9D4159786C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8DAE31-CCA9-450D-90E5-B8F0490FB944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.8:beta:*:*:*:*:*:*",
"matchCriteriaId": "0C5712AB-1A98-45DB-8384-5CD70D03684C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "52FEB5C9-0C13-4FD6-876C-AAE7ED4E986C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.9:beta:*:*:*:*:*:*",
"matchCriteriaId": "B2903D2B-A99A-4120-88DC-A1DF59085F59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2337F9F3-D26D-4A24-880A-800CD5C16795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.10:beta:*:*:*:*:*:*",
"matchCriteriaId": "D97CC2D1-657A-48D7-8035-89986341B56C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "31F71BA3-5402-448E-9068-EB0DCA1D62EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.11:beta:*:*:*:*:*:*",
"matchCriteriaId": "3539DE6A-05BE-47EB-A89F-D3E4D98FC014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.12:beta:*:*:*:*:*:*",
"matchCriteriaId": "4A004603-261B-49DB-B15B-A8EE0F3AB4BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "AD67323A-8463-4B8F-B370-40C2ACFF4D8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.13:beta:*:*:*:*:*:*",
"matchCriteriaId": "6944746B-2032-4088-A7EB-EE004F12274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2BBA4F43-0FD0-4D7D-84A0-37C8E79B9B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.14:beta:*:*:*:*:*:*",
"matchCriteriaId": "7AC27CC2-D64C-4AED-A0DF-F6F2920D7AB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "71E01CC8-1C29-4C46-8213-B48A2364CE8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.6.15:beta:*:*:*:*:*:*",
"matchCriteriaId": "2A8396AB-D983-4F04-A9F5-FA120A0E0AF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n png_combine_row en libpng en versiones anteriores a 1.5.21 y 1.6.x en versiones anteriores a 1.6.16, cuando se ejecuta en sistemas de 64 bits, podr\u00eda permitir a atacantes dependientes del contexto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen PNG \"entrelazada muy ampliamente\"."
}
],
"id": "CVE-2014-9495",
"lastModified": "2025-06-09T16:15:24.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2015-01-10T19:59:00.047",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62725"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/01/04/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71820"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1031444"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/01/04/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206167"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CNVD-2015-00014
Vulnerability from cnvd - Published: 2015-01-04

用户可以联系供应商获得补丁信息: http://www.libpng.org/pub/png/libpng.html

| Name | libpng libpng <=1.6.15 |
|---|---|
{
"bids": {
"bid": {
"bidNumber": "71820"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2014-9495"
}
},
"description": "libpng\u662f\u4e00\u6b3e\u591a\u79cd\u5e94\u7528\u7a0b\u5e8f\u6240\u4f7f\u7528\u7684\u89e3\u6790PNG\u56fe\u5f62\u683c\u5f0f\u7684\u51fd\u6570\u5e93\u3002 \r\n\r\nlibpng \u0027png_combine_row()\u0027\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u56e0\u4e3a\u5b83\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u5728\u4f7f\u7528\u53d7\u5f71\u54cd\u7684\u5e93\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "Alex Eubanks",
"formalWay": "\u7528\u6237\u53ef\u4ee5\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.libpng.org/pub/png/libpng.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-00014",
"openTime": "2015-01-04",
"patchDescription": "libpng\u662f\u4e00\u6b3e\u591a\u79cd\u5e94\u7528\u7a0b\u5e8f\u6240\u4f7f\u7528\u7684\u89e3\u6790PNG\u56fe\u5f62\u683c\u5f0f\u7684\u51fd\u6570\u5e93\u3002libpng \u0027png_combine_row()\u0027\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u56e0\u4e3a\u5b83\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u5728\u4f7f\u7528\u53d7\u5f71\u54cd\u7684\u5e93\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "libpng \u0027png_combine_row()\u0027\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "libpng libpng \u003c=1.6.15"
},
"referenceLink": "http://www.securityfocus.com/bid/71820",
"serverity": "\u9ad8",
"submitTime": "2014-12-31",
"title": "libpng \u0027png_combine_row()\u0027\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
OPENSUSE-SU-2024:10184-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libpng12-0-1.2.56-1.5 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libpng12-0-1.2.56-1.5 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10184",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10184-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2010-1205 page",
"url": "https://www.suse.com/security/cve/CVE-2010-1205/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-2501 page",
"url": "https://www.suse.com/security/cve/CVE-2011-2501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-3026 page",
"url": "https://www.suse.com/security/cve/CVE-2011-3026/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-3045 page",
"url": "https://www.suse.com/security/cve/CVE-2011-3045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-3048 page",
"url": "https://www.suse.com/security/cve/CVE-2011-3048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-3386 page",
"url": "https://www.suse.com/security/cve/CVE-2012-3386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-7353 page",
"url": "https://www.suse.com/security/cve/CVE-2013-7353/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-7354 page",
"url": "https://www.suse.com/security/cve/CVE-2013-7354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-9495 page",
"url": "https://www.suse.com/security/cve/CVE-2014-9495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-0973 page",
"url": "https://www.suse.com/security/cve/CVE-2015-0973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8126 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8540 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8540/"
}
],
"title": "libpng12-0-1.2.56-1.5 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10184-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpng12-0-1.2.56-1.5.aarch64",
"product": {
"name": "libpng12-0-1.2.56-1.5.aarch64",
"product_id": "libpng12-0-1.2.56-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "libpng12-0-32bit-1.2.56-1.5.aarch64",
"product": {
"name": "libpng12-0-32bit-1.2.56-1.5.aarch64",
"product_id": "libpng12-0-32bit-1.2.56-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "libpng12-compat-devel-1.2.56-1.5.aarch64",
"product": {
"name": "libpng12-compat-devel-1.2.56-1.5.aarch64",
"product_id": "libpng12-compat-devel-1.2.56-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"product": {
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"product_id": "libpng12-compat-devel-32bit-1.2.56-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "libpng12-devel-1.2.56-1.5.aarch64",
"product": {
"name": "libpng12-devel-1.2.56-1.5.aarch64",
"product_id": "libpng12-devel-1.2.56-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "libpng12-devel-32bit-1.2.56-1.5.aarch64",
"product": {
"name": "libpng12-devel-32bit-1.2.56-1.5.aarch64",
"product_id": "libpng12-devel-32bit-1.2.56-1.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng12-0-1.2.56-1.5.ppc64le",
"product": {
"name": "libpng12-0-1.2.56-1.5.ppc64le",
"product_id": "libpng12-0-1.2.56-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng12-0-32bit-1.2.56-1.5.ppc64le",
"product": {
"name": "libpng12-0-32bit-1.2.56-1.5.ppc64le",
"product_id": "libpng12-0-32bit-1.2.56-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng12-compat-devel-1.2.56-1.5.ppc64le",
"product": {
"name": "libpng12-compat-devel-1.2.56-1.5.ppc64le",
"product_id": "libpng12-compat-devel-1.2.56-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"product": {
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"product_id": "libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng12-devel-1.2.56-1.5.ppc64le",
"product": {
"name": "libpng12-devel-1.2.56-1.5.ppc64le",
"product_id": "libpng12-devel-1.2.56-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"product": {
"name": "libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"product_id": "libpng12-devel-32bit-1.2.56-1.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng12-0-1.2.56-1.5.s390x",
"product": {
"name": "libpng12-0-1.2.56-1.5.s390x",
"product_id": "libpng12-0-1.2.56-1.5.s390x"
}
},
{
"category": "product_version",
"name": "libpng12-0-32bit-1.2.56-1.5.s390x",
"product": {
"name": "libpng12-0-32bit-1.2.56-1.5.s390x",
"product_id": "libpng12-0-32bit-1.2.56-1.5.s390x"
}
},
{
"category": "product_version",
"name": "libpng12-compat-devel-1.2.56-1.5.s390x",
"product": {
"name": "libpng12-compat-devel-1.2.56-1.5.s390x",
"product_id": "libpng12-compat-devel-1.2.56-1.5.s390x"
}
},
{
"category": "product_version",
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"product": {
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"product_id": "libpng12-compat-devel-32bit-1.2.56-1.5.s390x"
}
},
{
"category": "product_version",
"name": "libpng12-devel-1.2.56-1.5.s390x",
"product": {
"name": "libpng12-devel-1.2.56-1.5.s390x",
"product_id": "libpng12-devel-1.2.56-1.5.s390x"
}
},
{
"category": "product_version",
"name": "libpng12-devel-32bit-1.2.56-1.5.s390x",
"product": {
"name": "libpng12-devel-32bit-1.2.56-1.5.s390x",
"product_id": "libpng12-devel-32bit-1.2.56-1.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng12-0-1.2.56-1.5.x86_64",
"product": {
"name": "libpng12-0-1.2.56-1.5.x86_64",
"product_id": "libpng12-0-1.2.56-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "libpng12-0-32bit-1.2.56-1.5.x86_64",
"product": {
"name": "libpng12-0-32bit-1.2.56-1.5.x86_64",
"product_id": "libpng12-0-32bit-1.2.56-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "libpng12-compat-devel-1.2.56-1.5.x86_64",
"product": {
"name": "libpng12-compat-devel-1.2.56-1.5.x86_64",
"product_id": "libpng12-compat-devel-1.2.56-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"product": {
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"product_id": "libpng12-compat-devel-32bit-1.2.56-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "libpng12-devel-1.2.56-1.5.x86_64",
"product": {
"name": "libpng12-devel-1.2.56-1.5.x86_64",
"product_id": "libpng12-devel-1.2.56-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "libpng12-devel-32bit-1.2.56-1.5.x86_64",
"product": {
"name": "libpng12-devel-32bit-1.2.56-1.5.x86_64",
"product_id": "libpng12-devel-32bit-1.2.56-1.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-0-1.2.56-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64"
},
"product_reference": "libpng12-0-1.2.56-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-0-1.2.56-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le"
},
"product_reference": "libpng12-0-1.2.56-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-0-1.2.56-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x"
},
"product_reference": "libpng12-0-1.2.56-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-0-1.2.56-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64"
},
"product_reference": "libpng12-0-1.2.56-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-0-32bit-1.2.56-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64"
},
"product_reference": "libpng12-0-32bit-1.2.56-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-0-32bit-1.2.56-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le"
},
"product_reference": "libpng12-0-32bit-1.2.56-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-0-32bit-1.2.56-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x"
},
"product_reference": "libpng12-0-32bit-1.2.56-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-0-32bit-1.2.56-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64"
},
"product_reference": "libpng12-0-32bit-1.2.56-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-compat-devel-1.2.56-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64"
},
"product_reference": "libpng12-compat-devel-1.2.56-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-compat-devel-1.2.56-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le"
},
"product_reference": "libpng12-compat-devel-1.2.56-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-compat-devel-1.2.56-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x"
},
"product_reference": "libpng12-compat-devel-1.2.56-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-compat-devel-1.2.56-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64"
},
"product_reference": "libpng12-compat-devel-1.2.56-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64"
},
"product_reference": "libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le"
},
"product_reference": "libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x"
},
"product_reference": "libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64"
},
"product_reference": "libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-devel-1.2.56-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64"
},
"product_reference": "libpng12-devel-1.2.56-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-devel-1.2.56-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le"
},
"product_reference": "libpng12-devel-1.2.56-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-devel-1.2.56-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x"
},
"product_reference": "libpng12-devel-1.2.56-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-devel-1.2.56-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64"
},
"product_reference": "libpng12-devel-1.2.56-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-devel-32bit-1.2.56-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64"
},
"product_reference": "libpng12-devel-32bit-1.2.56-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-devel-32bit-1.2.56-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le"
},
"product_reference": "libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-devel-32bit-1.2.56-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x"
},
"product_reference": "libpng12-devel-32bit-1.2.56-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-devel-32bit-1.2.56-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
},
"product_reference": "libpng12-devel-32bit-1.2.56-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-1205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2010-1205"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2010-1205",
"url": "https://www.suse.com/security/cve/CVE-2010-1205"
},
{
"category": "external",
"summary": "SUSE Bug 1188284 for CVE-2010-1205",
"url": "https://bugzilla.suse.com/1188284"
},
{
"category": "external",
"summary": "SUSE Bug 617866 for CVE-2010-1205",
"url": "https://bugzilla.suse.com/617866"
},
{
"category": "external",
"summary": "SUSE Bug 622506 for CVE-2010-1205",
"url": "https://bugzilla.suse.com/622506"
},
{
"category": "external",
"summary": "SUSE Bug 639941 for CVE-2010-1205",
"url": "https://bugzilla.suse.com/639941"
},
{
"category": "external",
"summary": "SUSE Bug 854395 for CVE-2010-1205",
"url": "https://bugzilla.suse.com/854395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2010-1205"
},
{
"cve": "CVE-2011-2501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-2501"
}
],
"notes": [
{
"category": "general",
"text": "The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-2501",
"url": "https://www.suse.com/security/cve/CVE-2011-2501"
},
{
"category": "external",
"summary": "SUSE Bug 702578 for CVE-2011-2501",
"url": "https://bugzilla.suse.com/702578"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-2501"
},
{
"cve": "CVE-2011-3026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-3026"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-3026",
"url": "https://www.suse.com/security/cve/CVE-2011-3026"
},
{
"category": "external",
"summary": "SUSE Bug 747311 for CVE-2011-3026",
"url": "https://bugzilla.suse.com/747311"
},
{
"category": "external",
"summary": "SUSE Bug 747327 for CVE-2011-3026",
"url": "https://bugzilla.suse.com/747327"
},
{
"category": "external",
"summary": "SUSE Bug 747328 for CVE-2011-3026",
"url": "https://bugzilla.suse.com/747328"
},
{
"category": "external",
"summary": "SUSE Bug 773612 for CVE-2011-3026",
"url": "https://bugzilla.suse.com/773612"
},
{
"category": "external",
"summary": "SUSE Bug 854395 for CVE-2011-3026",
"url": "https://bugzilla.suse.com/854395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2011-3026"
},
{
"cve": "CVE-2011-3045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-3045"
}
],
"notes": [
{
"category": "general",
"text": "Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-3045",
"url": "https://www.suse.com/security/cve/CVE-2011-3045"
},
{
"category": "external",
"summary": "SUSE Bug 752008 for CVE-2011-3045",
"url": "https://bugzilla.suse.com/752008"
},
{
"category": "external",
"summary": "SUSE Bug 754456 for CVE-2011-3045",
"url": "https://bugzilla.suse.com/754456"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2011-3045"
},
{
"cve": "CVE-2011-3048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-3048"
}
],
"notes": [
{
"category": "general",
"text": "The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-3048",
"url": "https://www.suse.com/security/cve/CVE-2011-3048"
},
{
"category": "external",
"summary": "SUSE Bug 754745 for CVE-2011-3048",
"url": "https://bugzilla.suse.com/754745"
},
{
"category": "external",
"summary": "SUSE Bug 854395 for CVE-2011-3048",
"url": "https://bugzilla.suse.com/854395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-3048"
},
{
"cve": "CVE-2012-3386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-3386"
}
],
"notes": [
{
"category": "general",
"text": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-3386",
"url": "https://www.suse.com/security/cve/CVE-2012-3386"
},
{
"category": "external",
"summary": "SUSE Bug 770618 for CVE-2012-3386",
"url": "https://bugzilla.suse.com/770618"
},
{
"category": "external",
"summary": "SUSE Bug 786745 for CVE-2012-3386",
"url": "https://bugzilla.suse.com/786745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-3386"
},
{
"cve": "CVE-2013-7353",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-7353"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-7353",
"url": "https://www.suse.com/security/cve/CVE-2013-7353"
},
{
"category": "external",
"summary": "SUSE Bug 873124 for CVE-2013-7353",
"url": "https://bugzilla.suse.com/873124"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-7353"
},
{
"cve": "CVE-2013-7354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-7354"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-7354",
"url": "https://www.suse.com/security/cve/CVE-2013-7354"
},
{
"category": "external",
"summary": "SUSE Bug 873123 for CVE-2013-7354",
"url": "https://bugzilla.suse.com/873123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-7354"
},
{
"cve": "CVE-2014-9495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-9495"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-9495",
"url": "https://www.suse.com/security/cve/CVE-2014-9495"
},
{
"category": "external",
"summary": "SUSE Bug 912076 for CVE-2014-9495",
"url": "https://bugzilla.suse.com/912076"
},
{
"category": "external",
"summary": "SUSE Bug 912929 for CVE-2014-9495",
"url": "https://bugzilla.suse.com/912929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2014-9495"
},
{
"cve": "CVE-2015-0973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-0973"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-0973",
"url": "https://www.suse.com/security/cve/CVE-2015-0973"
},
{
"category": "external",
"summary": "SUSE Bug 912929 for CVE-2015-0973",
"url": "https://bugzilla.suse.com/912929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2015-0973"
},
{
"cve": "CVE-2015-8126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8126"
}
],
"notes": [
{
"category": "general",
"text": "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8126",
"url": "https://www.suse.com/security/cve/CVE-2015-8126"
},
{
"category": "external",
"summary": "SUSE Bug 954980 for CVE-2015-8126",
"url": "https://bugzilla.suse.com/954980"
},
{
"category": "external",
"summary": "SUSE Bug 958198 for CVE-2015-8126",
"url": "https://bugzilla.suse.com/958198"
},
{
"category": "external",
"summary": "SUSE Bug 960402 for CVE-2015-8126",
"url": "https://bugzilla.suse.com/960402"
},
{
"category": "external",
"summary": "SUSE Bug 962743 for CVE-2015-8126",
"url": "https://bugzilla.suse.com/962743"
},
{
"category": "external",
"summary": "SUSE Bug 963937 for CVE-2015-8126",
"url": "https://bugzilla.suse.com/963937"
},
{
"category": "external",
"summary": "SUSE Bug 969333 for CVE-2015-8126",
"url": "https://bugzilla.suse.com/969333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-8126"
},
{
"cve": "CVE-2015-8540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8540"
}
],
"notes": [
{
"category": "general",
"text": "Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8540",
"url": "https://www.suse.com/security/cve/CVE-2015-8540"
},
{
"category": "external",
"summary": "SUSE Bug 1149680 for CVE-2015-8540",
"url": "https://bugzilla.suse.com/1149680"
},
{
"category": "external",
"summary": "SUSE Bug 958791 for CVE-2015-8540",
"url": "https://bugzilla.suse.com/958791"
},
{
"category": "external",
"summary": "SUSE Bug 963937 for CVE-2015-8540",
"url": "https://bugzilla.suse.com/963937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2015-8540"
}
]
}
CERTFR-2016-AVI-106
Vulnerability from certfr_avis - Published: 2016-03-22 - Updated: 2016-03-22
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Apple | N/A | OS X Mavericks versions 10.9.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002 |
| Apple | N/A | tvOS versions antérieures à 9.2 pour Apple TV (4ème génération) |
| Apple | N/A | OS X El Capitan 10.11.x versions antérieures à 10.11.4 |
| Apple | N/A | iOS versions antérieures à 9.3 pour iPhones 4s, iPod touch (5ème génération), iPad 2 et leurs modèles respectifs plus récents |
| Apple | N/A | watchOS versions antérieures à 2.2 |
| Apple | N/A | OS X Server versions antérieures à 5.1 pour OS X Yosemite versions 10.10.5 et ultérieures |
| Apple | N/A | Xcode versions antérieures à 7.3 pour OS X El Capitan versions 10.11 et ultérieures |
| Apple | N/A | OS X Yosemite versions 10.10.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002 |
| Apple | Safari | Safari versions antérieures à 9.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OS X Mavericks versions 10.9.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 9.2 pour Apple TV (4\u00e8me g\u00e9n\u00e9ration)",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X El Capitan 10.11.x versions ant\u00e9rieures \u00e0 10.11.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 9.3 pour iPhones 4s, iPod touch (5\u00e8me g\u00e9n\u00e9ration), iPad 2 et leurs mod\u00e8les respectifs plus r\u00e9cents",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Server versions ant\u00e9rieures \u00e0 5.1 pour OS X Yosemite versions 10.10.5 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 7.3 pour OS X El Capitan versions 10.11 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Yosemite versions 10.10.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 9.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1753",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1753"
},
{
"name": "CVE-2016-1781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1781"
},
{
"name": "CVE-2016-1736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1736"
},
{
"name": "CVE-2016-1750",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1750"
},
{
"name": "CVE-2016-1779",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1779"
},
{
"name": "CVE-2016-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1748"
},
{
"name": "CVE-2016-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1766"
},
{
"name": "CVE-2016-1758",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1758"
},
{
"name": "CVE-2016-1735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1735"
},
{
"name": "CVE-2016-1763",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1763"
},
{
"name": "CVE-2016-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1767"
},
{
"name": "CVE-2016-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1720"
},
{
"name": "CVE-2016-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1771"
},
{
"name": "CVE-2016-1719",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1719"
},
{
"name": "CVE-2015-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
},
{
"name": "CVE-2016-1727",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1727"
},
{
"name": "CVE-2016-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
},
{
"name": "CVE-2015-3184",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3184"
},
{
"name": "CVE-2015-1819",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1819"
},
{
"name": "CVE-2016-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0801"
},
{
"name": "CVE-2016-1950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1950"
},
{
"name": "CVE-2016-1768",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1768"
},
{
"name": "CVE-2016-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0802"
},
{
"name": "CVE-2016-1744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1744"
},
{
"name": "CVE-2016-1775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1775"
},
{
"name": "CVE-2016-1787",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1787"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2016-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1788"
},
{
"name": "CVE-2015-3187",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3187"
},
{
"name": "CVE-2016-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1786"
},
{
"name": "CVE-2016-1717",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1717"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2016-1776",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1776"
},
{
"name": "CVE-2009-2197",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2197"
},
{
"name": "CVE-2016-1785",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1785"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1755",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1755"
},
{
"name": "CVE-2016-1733",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1733"
},
{
"name": "CVE-2016-1772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1772"
},
{
"name": "CVE-2016-1723",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1723"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1754",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1754"
},
{
"name": "CVE-2016-1783",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1783"
},
{
"name": "CVE-2016-1756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1756"
},
{
"name": "CVE-2016-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1745"
},
{
"name": "CVE-2016-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1752"
},
{
"name": "CVE-2014-9495",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9495"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-7942",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7942"
},
{
"name": "CVE-2015-5333",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5333"
},
{
"name": "CVE-2015-8126",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8126"
},
{
"name": "CVE-2016-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1725"
},
{
"name": "CVE-2016-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1761"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2016-1740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1740"
},
{
"name": "CVE-2016-1764",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1764"
},
{
"name": "CVE-2016-1757",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1757"
},
{
"name": "CVE-2016-1769",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1769"
},
{
"name": "CVE-2016-1743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1743"
},
{
"name": "CVE-2016-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1746"
},
{
"name": "CVE-2016-1724",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1724"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-8659",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8659"
},
{
"name": "CVE-2016-1770",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1770"
},
{
"name": "CVE-2016-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1749"
},
{
"name": "CVE-2016-1732",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1732"
},
{
"name": "CVE-2016-1773",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1773"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2016-1765",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1765"
},
{
"name": "CVE-2016-1741",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1741"
},
{
"name": "CVE-2016-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1737"
},
{
"name": "CVE-2016-1784",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1784"
},
{
"name": "CVE-2016-1759",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1759"
},
{
"name": "CVE-2016-1778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1778"
},
{
"name": "CVE-2015-5334",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5334"
},
{
"name": "CVE-2016-1722",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1722"
},
{
"name": "CVE-2015-0973",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0973"
},
{
"name": "CVE-2016-1738",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1738"
},
{
"name": "CVE-2016-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1747"
},
{
"name": "CVE-2015-7551",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7551"
},
{
"name": "CVE-2016-1780",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1780"
},
{
"name": "CVE-2016-1774",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1774"
},
{
"name": "CVE-2016-1721",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1721"
},
{
"name": "CVE-2015-8472",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8472"
},
{
"name": "CVE-2016-1782",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1782"
},
{
"name": "CVE-2016-1726",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1726"
},
{
"name": "CVE-2016-1751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1751"
},
{
"name": "CVE-2016-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
},
{
"name": "CVE-2016-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1734"
}
],
"initial_release_date": "2016-03-22T00:00:00",
"last_revision_date": "2016-03-22T00:00:00",
"links": [],
"reference": "CERTFR-2016-AVI-106",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206173 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206173"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206169 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206169"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206168 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206168"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206171 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206171"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206166 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206166"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206172 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206172"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206167 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206167"
}
]
}
VAR-201501-0704
Vulnerability from variot - Updated: 2025-06-09 20:22
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image. libpng is prone to a heap-based buffer-overflow vulnerability because it fails to properly validate user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application that uses the affected library. Failed attacks will cause denial-of-service conditions. libpng 1.6.15 and prior are vulnerable.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:090 http://www.mandriva.com/en/support/security/
Package : libpng
Date : March 28, 2015
Affected: Business Server 2.0
Problem Description:
Updated libpng package fixes security vulnerabilities:
The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero (CVE-2014-0333).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9495
http://advisories.mageia.org/MGASA-2014-0131.html
http://advisories.mageia.org/MGASA-2015-0008.html
Updated Packages:
Mandriva Business Server 2/X86_64:
12c8bd2dd02e2521830355aa84176974 mbs2/x86_64/lib64png16_16-1.6.16-1.mbs2.x86_64.rpm
4a8f8b65c02ef36efd73e532b3019a1a mbs2/x86_64/lib64png-devel-1.6.16-1.mbs2.x86_64.rpm
7375c5ff0f64bba7ad6123bd92a1bbd1 mbs2/SRPMS/libpng-1.6.16-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201502-10
http://security.gentoo.org/
Severity: Normal
Title: libpng: User-assisted execution of arbitrary code
Date: February 15, 2015
Bugs: #531264, #533358
ID: 201502-10
Synopsis
Two vulnerabilities have been found in libpng, possibly resulting in execution of arbitrary code.
Background
libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several programs, including web browsers and potentially server processes.
Workaround
There is no known workaround at this time.
Resolution
All libpng 1.6 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.6.16"
All libpng 1.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.21"
References
[ 1 ] CVE-2014-9495 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9495
[ 2 ] libpng 1.6.15 Release Notes http://www.libpng.org/pub/png/src/libpng-1.6.15-README.txt
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201502-10.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002
OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following:
apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš
AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team
AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team
AppleUSBNetworking Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of data from USB devices. This issue was addressed through improved input validation. CVE-ID CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
Bluetooth Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1735 : Jeonghoon Shin@A.D.D CVE-2016-1736 : beist and ABH of BoB
Carbon Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : an anonymous researcher
dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation. CVE-ID CVE-2016-1738 : beist and ABH of BoB
FontParser Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659
Intel Graphics Driver Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero
IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1745 : sweetchip of Grayhash
IOGraphics Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad
IOUSBFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition existed during the creation of new processes. This was addressed through improved state handling. CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762
Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University
Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox
NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1741 : Ian Beer of Google Project Zero
OpenSSH Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Connecting to a server may leak sensitive user information, such as a client's private keys Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client. CVE-ID CVE-2016-0777 : Qualys CVE-2016-0778 : Qualys
OpenSSH Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 : Qualys CVE-2015-5334 : Qualys
OpenSSL Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to cause a denial of service Description: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh. CVE-ID CVE-2015-3195
Python Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš
QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1767 : Francis Provencher from COSIG CVE-2016-1768 : Francis Provencher from COSIG
QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1769 : Francis Provencher from COSIG
Reminders Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a tel link can make a call without prompting the user Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks. CVE-ID CVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca
Ruby Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648. CVE-ID CVE-2015-7551
Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to check for the existence of arbitrary files Description: A permissions issue existed in code signing tools. This was addressed through additional ownership checks. CVE-ID CVE-2016-1773 : Mark Mentovai of Google Inc.
Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab
Tcl
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted .png file may lead to
arbitrary code execution
Description: Multiple vulnerabilities existed in libpng versions
prior to 1.6.20.
CVE-ID
CVE-2015-8126 : Adam Mariš
TrueTypeScaler Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)
Wi-Fi Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher
OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171
OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6 ARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w HiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l Jy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau /71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi UhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng O+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78 juPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF i9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP Izo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X qlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q VZmOKa8qMxB1L/JmdCqy =mZR+ -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0704",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "libpng",
"version": "1.6.15"
},
{
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "libpng",
"version": "1.6.14"
},
{
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.0"
},
{
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.11"
},
{
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.13"
},
{
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.2"
},
{
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.5"
},
{
"model": "libpng",
"scope": "lte",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.20"
},
{
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.6"
},
{
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.12"
},
{
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.3"
},
{
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.8"
},
{
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.7"
},
{
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.1"
},
{
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.10"
},
{
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.9"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.11.3"
},
{
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "libpng",
"scope": "lt",
"trust": 0.8,
"vendor": "png group",
"version": "1.6.x"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.8,
"vendor": "png group",
"version": "1.6.16"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.11 to 10.11.3"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.5.20"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "71820"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007576"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-084"
},
{
"db": "NVD",
"id": "CVE-2014-9495"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:libpng:libpng",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007576"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alex Eubanks",
"sources": [
{
"db": "BID",
"id": "71820"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-084"
}
],
"trust": 0.9
},
"cve": "CVE-2014-9495",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9495",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-77440",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2014-9495",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9495",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2014-9495",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-9495",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-084",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-77440",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-9495",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77440"
},
{
"db": "VULMON",
"id": "CVE-2014-9495"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007576"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-084"
},
{
"db": "NVD",
"id": "CVE-2014-9495"
},
{
"db": "NVD",
"id": "CVE-2014-9495"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image. libpng is prone to heap-based buffer-overflow vulnerability because it fails to properly validate user-supplied input. \nAttackers may leverage these issues to execute arbitrary code in the context of the application that uses the affected library. Failed attacks will cause denial-of-service conditions. \nlibpng 1.6.15 and prior are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:090\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : libpng\n Date : March 28, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Updated libpng package fixes security vulnerabilities:\n \n The png_push_read_chunk function in pngpread.c in the progressive\n decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause\n a denial of service (infinite loop and CPU consumption) via an IDAT\n chunk with a length of zero (CVE-2014-0333). 
\n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0333\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9495\n http://advisories.mageia.org/MGASA-2014-0131.html\n http://advisories.mageia.org/MGASA-2015-0008.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 12c8bd2dd02e2521830355aa84176974 mbs2/x86_64/lib64png16_16-1.6.16-1.mbs2.x86_64.rpm\n 4a8f8b65c02ef36efd73e532b3019a1a mbs2/x86_64/lib64png-devel-1.6.16-1.mbs2.x86_64.rpm \n 7375c5ff0f64bba7ad6123bd92a1bbd1 mbs2/SRPMS/libpng-1.6.16-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201502-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: libpng: User-assisted execution of arbitrary code\n Date: February 15, 2015\n Bugs: #531264, #533358\n ID: 201502-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nTwo vulnerabilities have been found in libpng, possibly resulting in\nexecution of arbitrary code. \n\nBackground\n==========\n\nlibpng is a standard library used to process PNG (Portable Network\nGraphics) images. It is used by several programs, including web\nbrowsers and potentially server processes. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll libpng 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/libpng-1.6.16\"\n\nAll libpng 1.5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/libpng-1.5.21\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-9495\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9495\n[ 2 ] libpng 1.6.15 Release Notes\n http://www.libpng.org/pub/png/src/libpng-1.6.15-README.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201502-10.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update\n2016-002\n\nOS X El Capitan 10.11.4 and Security Update 2016-002 is now available\nand addresses the following:\n\napache_mod_php\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. 
\nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nAppleRAID\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team\n\nAppleRAID\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to determine kernel memory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team\n\nAppleUSBNetworking\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the parsing of\ndata from USB devices. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path\n\nBluetooth\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1735 : Jeonghoon Shin@A.D.D\nCVE-2016-1736 : beist and ABH of BoB\n\nCarbon\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .dfont file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. 
\nCVE-ID\nCVE-2016-1737 : an anonymous researcher\n\ndyld\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker may tamper with code-signed applications to\nexecute arbitrary code in the application\u0027s context\nDescription: A code signing verification issue existed in dyld. This\nissue was addressed with improved validation. \nCVE-ID\nCVE-2016-1738 : beist and ABH of BoB\n\nFontParser\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIntel Graphics Driver\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1743 : Piotr Bania of Cisco Talos\nCVE-2016-1744 : Ian Beer of Google Project Zero\n\nIOFireWireFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to cause a denial of service\nDescription: A null pointer dereference was addressed through\nimproved validation. 
\nCVE-ID\nCVE-2016-1745 : sweetchip of Grayhash\n\nIOGraphics\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\nCVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\n\nIOHIDFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to determine kernel memory layout\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nIOUSBFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of\nTrend Micro working with Trend Micro\u0027s Zero Day Initiative (ZDI)\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition existed during the creation of new\nprocesses. This was addressed through improved state handling. 
\nCVE-ID\nCVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\nCVE-2016-1759 : lokihardt\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to determine kernel memory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1758 : Brandon Azad\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to cause a denial of service\nDescription: A denial of service issue was addressed through\nimproved validation. 
\nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1761 : wol0xff working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\nCVE-2016-1762\n\nMessages\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker who is able to bypass Apple\u0027s certificate\npinning, intercept TLS connections, inject messages, and record\nencrypted attachment-type messages may be able to read attachments\nDescription: A cryptographic issue was addressed by rejecting\nduplicate messages on the client. \nCVE-ID\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,\nIan Miers, and Michael Rushanan of Johns Hopkins University\n\nMessages\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Clicking a JavaScript link can reveal sensitive user\ninformation\nDescription: An issue existed in the processing of JavaScript links. \nThis issue was addressed through improved content security policy\nchecks. \nCVE-ID\nCVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of\nBishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox\n\nNVIDIA Graphics Drivers\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. 
\nCVE-ID\nCVE-2016-1741 : Ian Beer of Google Project Zero\n\nOpenSSH\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Connecting to a server may leak sensitive user information,\nsuch as a client\u0027s private keys\nDescription: Roaming, which was on by default in the OpenSSH client,\nexposed an information leak and a buffer overflow. These issues were\naddressed by disabling roaming in the client. \nCVE-ID\nCVE-2016-0777 : Qualys\nCVE-2016-0778 : Qualys\n\nOpenSSH\nAvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\nImpact: Multiple vulnerabilities in LibreSSL\nDescription: Multiple vulnerabilities existed in LibreSSL versions\nprior to 2.1.8. These were addressed by updating LibreSSL to version\n2.1.8. \nCVE-ID\nCVE-2015-5333 : Qualys\nCVE-2015-5334 : Qualys\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory leak existed in OpenSSL versions prior to\n0.9.8zh. This issue was addressed by updating OpenSSL to version\n0.9.8zh. \nCVE-ID\nCVE-2015-3195\n\nPython\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2014-9495\nCVE-2015-0973\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. 
\nCVE-ID\nCVE-2016-1767 : Francis Provencher from COSIG\nCVE-2016-1768 : Francis Provencher from COSIG\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1769 : Francis Provencher from COSIG\n\nReminders\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Clicking a tel link can make a call without prompting the\nuser\nDescription: A user was not prompted before invoking a call. This\nwas addressed through improved entitlement checks. \nCVE-ID\nCVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of\nLaurent.ca\n\nRuby\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An unsafe tainted string usage vulnerability existed in\nversions prior to 2.0.0-p648. This issue was addressed by updating to\nversion 2.0.0-p648. \nCVE-ID\nCVE-2015-7551\n\nSecurity\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to check for the existence of\narbitrary files\nDescription: A permissions issue existed in code signing tools. This\nwas addressed though additional ownership checks. \nCVE-ID\nCVE-2016-1773 : Mark Mentovai of Google Inc. \n\nSecurity\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. 
\nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTcl\nAvailable for: \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\n\nTrueTypeScaler\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWi-Fi\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription: A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nOS X El Capitan 10.11.4 includes the security content of Safari 9.1. 
\nhttps://support.apple.com/kb/HT206171\n\nOS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6\nARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w\nHiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l\nJy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau\n/71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi\nUhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng\nO+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78\njuPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF\ni9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP\nIzo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X\nqlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q\nVZmOKa8qMxB1L/JmdCqy\n=mZR+\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9495"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007576"
},
{
"db": "BID",
"id": "71820"
},
{
"db": "VULHUB",
"id": "VHN-77440"
},
{
"db": "VULMON",
"id": "CVE-2014-9495"
},
{
"db": "PACKETSTORM",
"id": "131100"
},
{
"db": "PACKETSTORM",
"id": "130398"
},
{
"db": "PACKETSTORM",
"id": "136346"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9495",
"trust": 3.2
},
{
"db": "BID",
"id": "71820",
"trust": 2.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2015/01/04/3",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1031444",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2015/01/10/3",
"trust": 1.2
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2015/01/10/1",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "62725",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU97668313",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007576",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201501-084",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "130398",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136346",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-77440",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-9495",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131100",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77440"
},
{
"db": "VULMON",
"id": "CVE-2014-9495"
},
{
"db": "BID",
"id": "71820"
},
{
"db": "PACKETSTORM",
"id": "131100"
},
{
"db": "PACKETSTORM",
"id": "130398"
},
{
"db": "PACKETSTORM",
"id": "136346"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007576"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-084"
},
{
"db": "NVD",
"id": "CVE-2014-9495"
}
]
},
"id": "VAR-201501-0704",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-77440"
}
],
"trust": 0.01
},
"last_update_date": "2025-06-09T20:22:08.730000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"title": "HT206167",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT206167"
},
{
"title": "HT206167",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT206167"
},
{
"title": "1698994",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698994"
},
{
"title": "1697791",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697791"
},
{
"title": "1699393",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699393"
},
{
"title": "1700399",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700399"
},
{
"title": "Oracle Solaris Third Party Bulletin - July 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"title": "[png-mng-announce] libpng-1.5.21 and 1.6.16 are available",
"trust": 0.8,
"url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/"
},
{
"title": "Red Hat: CVE-2014-9495",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-9495"
},
{
"title": "Apple: OS X El Capitan v10.11.4 and Security Update 2016-002",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ef054ba76412200e34091eb91c38c281"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
},
{
"title": "WiiU-Vulns",
"trust": 0.1,
"url": "https://github.com/NotANullPointer/WiiU-Vulns "
},
{
"title": "afl-cve",
"trust": 0.1,
"url": "https://github.com/mrash/afl-cve "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-9495"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007576"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
},
{
"problemtype": "CWE-122",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77440"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007576"
},
{
"db": "NVD",
"id": "CVE-2014-9495"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/71820"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2015/01/04/3"
},
{
"trust": 1.8,
"url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1031444"
},
{
"trust": 1.4,
"url": "http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt"
},
{
"trust": 1.2,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"trust": 1.2,
"url": "https://support.apple.com/ht206167"
},
{
"trust": 1.2,
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/1"
},
{
"trust": 1.2,
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/3"
},
{
"trust": 1.2,
"url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/62725"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9495"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97668313"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9495"
},
{
"trust": 0.3,
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9495"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/notanullpointer/wiiu-vulns"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-9495"
},
{
"trust": 0.1,
"url": "https://github.com/mrash/afl-cve"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0333"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0131.html"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0333"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2015-0008.html"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9495"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201502-10.xml"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://www.libpng.org/pub/png/src/libpng-1.6.15-readme.txt"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0777"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8472"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8126"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht206171"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1732"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5334"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1736"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5333"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1738"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1737"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0973"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77440"
},
{
"db": "VULMON",
"id": "CVE-2014-9495"
},
{
"db": "BID",
"id": "71820"
},
{
"db": "PACKETSTORM",
"id": "131100"
},
{
"db": "PACKETSTORM",
"id": "130398"
},
{
"db": "PACKETSTORM",
"id": "136346"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007576"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-084"
},
{
"db": "NVD",
"id": "CVE-2014-9495"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-77440"
},
{
"db": "VULMON",
"id": "CVE-2014-9495"
},
{
"db": "BID",
"id": "71820"
},
{
"db": "PACKETSTORM",
"id": "131100"
},
{
"db": "PACKETSTORM",
"id": "130398"
},
{
"db": "PACKETSTORM",
"id": "136346"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007576"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-084"
},
{
"db": "NVD",
"id": "CVE-2014-9495"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-77440"
},
{
"date": "2015-01-10T00:00:00",
"db": "VULMON",
"id": "CVE-2014-9495"
},
{
"date": "2014-12-25T00:00:00",
"db": "BID",
"id": "71820"
},
{
"date": "2015-03-30T21:26:19",
"db": "PACKETSTORM",
"id": "131100"
},
{
"date": "2015-02-16T17:23:48",
"db": "PACKETSTORM",
"id": "130398"
},
{
"date": "2016-03-22T15:18:02",
"db": "PACKETSTORM",
"id": "136346"
},
{
"date": "2015-01-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007576"
},
{
"date": "2014-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-084"
},
{
"date": "2015-01-10T19:59:00.047000",
"db": "NVD",
"id": "CVE-2014-9495"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-77440"
},
{
"date": "2016-10-18T00:00:00",
"db": "VULMON",
"id": "CVE-2014-9495"
},
{
"date": "2016-07-06T14:08:00",
"db": "BID",
"id": "71820"
},
{
"date": "2016-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007576"
},
{
"date": "2015-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-084"
},
{
"date": "2025-06-09T16:15:24.410000",
"db": "NVD",
"id": "CVE-2014-9495"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "131100"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-084"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow vulnerability in the png_combine_row function of libpng",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007576"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-084"
}
],
"trust": 0.6
}
}
GHSA-WPR3-PFV2-CHJQ
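Vulnerability from github – Published: 2022-05-17 03:47 – Updated: 2025-06-09 18:31

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

Note: the structured record below has an empty `affected` list and `github_reviewed` set to false, so tooling that matches advisories by package and version range may not flag this entry; the affected versions are stated only in the description text.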
{
"affected": [],
"aliases": [
"CVE-2014-9495"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-122"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-01-10T19:59:00Z",
"severity": "HIGH"
},
"details": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image.",
"id": "GHSA-wpr3-pfv2-chjq",
"modified": "2025-06-09T18:31:54Z",
"published": "2022-05-17T03:47:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9495"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206167"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/62725"
},
{
"type": "WEB",
"url": "http://sourceforge.net/p/png-mng/mailman/message/33172831"
},
{
"type": "WEB",
"url": "http://sourceforge.net/p/png-mng/mailman/message/33173461"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/01/04/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/3"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/71820"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1031444"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.