PT-2015-2646 · Libpng Development Team+9 · Libpng+9

Adam Mariš · Published 2015-11-12 · Updated 2024-09-06 · CVE-2015-8126

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libpng versions 1.0.0 through 1.0.63
libpng versions 1.1.x
libpng versions 1.2.x through 1.2.53
libpng versions 1.3.x through 1.4.16
libpng versions 1.4.x through 1.4.16
libpng versions 1.5.x through 1.5.23
libpng versions 1.6.x through 1.6.18

Description

The issue is caused by multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions in libpng. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR chunk in a PNG image. The vulnerability can be exploited by inserting a crafted IHDR header in a PNG image, potentially leading to a buffer overflow and allowing a remote attacker to execute arbitrary code on the system or cause the application to crash.

Recommendations

For libpng versions 1.0.0 through 1.0.63, update to version 1.0.64 or later.
For libpng versions 1.1.x, update to version 1.2.54 or later.
For libpng versions 1.2.x through 1.2.53, update to version 1.2.54 or later.
For libpng versions 1.3.x through 1.4.16, update to version 1.4.17 or later.
For libpng versions 1.4.x through 1.4.16, update to version 1.4.17 or later.
For libpng versions 1.5.x through 1.5.23, update to version 1.5.24 or later.
For libpng versions 1.6.x through 1.6.18, update to version 1.6.19 or later.

As a temporary workaround, consider disabling the png_set_PLTE and png_get_PLTE functions until a patch is available. Restrict access to PNG images with crafted IHDR headers to minimize the risk of exploitation. Avoid using the png_check_keyword function in pngwutil.c with overly long arguments until the issue is resolved.
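
An added example (not libpng's code and not part of the original advisory): a C pre-filter that flags indexed-colour PNGs whose PLTE chunk carries more entries than the IHDR bit depth can index, which is the small bit-depth mismatch the description refers to. The function names and the sample builder are hypothetical, the sample bytes are constructed, and chunk CRCs are assumed not to matter for this check.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static uint32_t be32(const unsigned char *p) {   /* PNG lengths are big-endian */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* 1: indexed image whose PLTE has more entries than 2^bit_depth; 0: none found;
 * -1: malformed or truncated. CRCs are not verified (pre-filter, not a decoder). */
int png_plte_exceeds_depth(const unsigned char *buf, size_t len) {
    unsigned bit_depth = 0, color_type = 0, seen_ihdr = 0;
    size_t off = 8;
    if (len < 8 || memcmp(buf, "\x89PNG\r\n\x1a\n", 8) != 0) return -1;
    while (len - off >= 12) {                      /* length + type + CRC */
        uint32_t clen = be32(buf + off);
        const unsigned char *type = buf + off + 4, *data = buf + off + 8;
        if (clen > len - off - 12) return -1;      /* chunk runs past the buffer */
        if (memcmp(type, "IHDR", 4) == 0) {
            if (clen != 13 || data[8] == 0 || data[8] > 16) return -1;
            bit_depth = data[8]; color_type = data[9]; seen_ihdr = 1;
        } else if (memcmp(type, "PLTE", 4) == 0) {
            if (!seen_ihdr || clen % 3 != 0) return -1;
            /* colour type 3 (indexed): pixels can address only 2^bit_depth entries */
            if (color_type == 3 && clen / 3 > (1u << bit_depth)) return 1;
        } else if (memcmp(type, "IEND", 4) == 0) {
            return 0;
        }
        off += 12 + (size_t)clen;
    }
    return seen_ihdr ? 0 : -1;
}

/* Constructed sample (not a real image): 1x1 indexed PNG skeleton with `entries`
 * palette entries and zeroed CRCs, built in a local buffer and then checked. */
int check_sample(unsigned char depth, unsigned entries) {
    static const unsigned char head[24] = {0x89,'P','N','G','\r','\n',0x1a,'\n',
        0,0,0,13, 'I','H','D','R', 0,0,0,1, 0,0,0,1};
    unsigned char b[57 + 3 * 256] = {0};
    size_t plen = 3u * entries;
    if (entries > 256) return -1;                  /* sample buffer limit */
    memcpy(b, head, sizeof head);
    b[24] = depth; b[25] = 3;                      /* bit depth, colour type 3 */
    b[35] = (unsigned char)(plen >> 8); b[36] = (unsigned char)plen;
    memcpy(b + 37, "PLTE", 4);
    memcpy(b + 49 + plen, "IEND", 4);
    return png_plte_exceeds_depth(b, 57 + plen);
}

int main(void) { return check_sample(1, 3) == 1 ? 0 : 1; }  /* exit 0 when flagged */
```

A result of 1 marks a file for quarantine or closer inspection before it reaches an unpatched libpng; updating to the fixed versions listed above remains the actual remedy.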

Exploit · Fix · DoS · Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2015-2013
ALT-PU-2016-1283
ALT-PU-2019-1318
AZL-45078
BDU:2015-12011
CESA-2015_2594
CESA-2015_2595
CESA-2015_2596
CVE-2015-8126
DLA-343-1
DLA-410-1
DSA-3399-1
DSA-3443-1
DSA-3507-1
MGASA-2015-0451
OESA-2024-2091
OPENSUSE-SU-2015_2099-1
OPENSUSE-SU-2015_2100-1
OPENSUSE-SU-2016_0263-1
OPENSUSE-SU-2016_0268-1
OPENSUSE-SU-2016_0270-1
OPENSUSE-SU-2016_0272-1
OPENSUSE-SU-2016_0279-1
OPENSUSE-SU-2016_0664-1
OPENSUSE-SU-2016_0684-1
OPENSUSE-SU-2016_0729-1
OPENSUSE-SU-2016_1652-1
OPENSUSE-SU-2024:10050-1
OPENSUSE-SU-2024:10064-1
OPENSUSE-SU-2024:10171-1
OPENSUSE-SU-2024:10197-1
OPENSUSE-SU-2024:10534-1
OPENSUSE-SU-2024:12948-1
RHSA-2015:2594
RHSA-2015:2595
RHSA-2015:2596
RHSA-2015_2594
RHSA-2015_2595
RHSA-2015_2596
RHSA-2016:0055
RHSA-2016:0056
RHSA-2016:0057
RHSA-2016:0098
RHSA-2016:0099
RHSA-2016:0100
RHSA-2016:0101
RHSA-2016:1430
RHSA-2016_0055
RHSA-2016_0056
RHSA-2016_0057
RHSA-2016_0098
RHSA-2016_0099
RHSA-2016_0101
SUSE-SU-2015:2013-1
SUSE-SU-2015:2017-1
SUSE-SU-2015:2024-1
SUSE-SU-2015_2013-1
SUSE-SU-2016:0027-1
SUSE-SU-2016:0041-1
SUSE-SU-2016:0050-1
SUSE-SU-2016:0061-1
SUSE-SU-2016:0256-1
SUSE-SU-2016:0265-1
SUSE-SU-2016:0269-1
SUSE-SU-2016:0390-1
SUSE-SU-2016:0399-1
SUSE-SU-2016:0401-1
SUSE-SU-2016:0428-1
SUSE-SU-2016:0431-1
SUSE-SU-2016:0433-1
SUSE-SU-2016:0636-1
SUSE-SU-2016:0770-1
SUSE-SU-2016_0027-1
SUSE-SU-2016_0041-1
SUSE-SU-2016_0050-1
SUSE-SU-2016_0061-1
USN-2815-1

Affected Products

ALT Linux
CentOS
Google Chrome
IBM AIX
Java Platform
Opera
Red Hat
SUSE
Ubuntu
Libpng