PT-2015-2752 · Libpng Development Team+6 · Libpng+6
Qixue Xiao · Published 2015-10-26 · Updated 2024-09-06 · CVE-2015-7981
CVSS v2.0: 5.0 Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
libpng versions 1.0.x through 1.0.63
libpng versions 1.2.x through 1.2.53
libpng versions 1.4.x through 1.4.16
Description
The issue allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. This is related to the png_convert_to_rfc1123 function in png.c. The vulnerability is also associated with a lack of protection for service data, which can be exploited by a remote attacker using a specially crafted image to access protected information. Additionally, there is a buffer overflow issue caused by a read underflow in png_check_keyword in pngwutil.c, which can be exploited by sending an overly long argument, potentially allowing a remote attacker to execute arbitrary code on the system or cause the application to crash.
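A screening check for the tIME chunk described above, as an added example that is not libpng code or part of the original advisory: it walks the chunk stream of a PNG held in memory and flags any tIME payload whose fields fall outside the ranges given in the PNG specification. The function names and the two sample buffers are constructed for illustration, and chunk CRCs are not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PNG chunk lengths are big-endian 32-bit values. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* tIME payload per the PNG spec: year(2) month(1-12) day(1-31)
   hour(0-23) minute(0-59) second(0-60); exactly 7 bytes. */
static int time_payload_ok(const uint8_t *d, uint32_t len) {
    return len == 7 && d[2] >= 1 && d[2] <= 12 && d[3] >= 1 && d[3] <= 31 &&
           d[4] <= 23 && d[5] <= 59 && d[6] <= 60;
}

/* Returns 0 if every tIME chunk is in range (or none exists), 1 if a tIME
   chunk is out of range, -1 if the buffer is not a well-formed chunk stream.
   CRCs are not verified; this only screens field ranges. */
int scan_png_time(const uint8_t *buf, size_t n) {
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    size_t off = 8;
    if (n < 8 || memcmp(buf, sig, 8) != 0) return -1;
    while (n - off >= 12) {                      /* length + type + CRC */
        uint32_t len = be32(buf + off);
        const uint8_t *type = buf + off + 4;
        if (len > n - off - 12) return -1;       /* data runs past the buffer */
        if (memcmp(type, "tIME", 4) == 0 && !time_payload_ok(type + 4, len)) return 1;
        if (memcmp(type, "IEND", 4) == 0) return 0;
        off += 12 + (size_t)len;
    }
    return -1;                                   /* no IEND before end of data */
}

/* Constructed samples: signature, one tIME chunk, IEND; CRC bytes zeroed. */
#define PNG_SIG 0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'
#define PNG_IEND 0, 0, 0, 0, 'I', 'E', 'N', 'D', 0, 0, 0, 0
const uint8_t sample_ok[]  = {PNG_SIG, 0, 0, 0, 7, 't', 'I', 'M', 'E',
                              0x07, 0xDF, 10, 26, 12, 0, 0, 0, 0, 0, 0, PNG_IEND};
const uint8_t sample_bad[] = {PNG_SIG, 0, 0, 0, 7, 't', 'I', 'M', 'E',
                              0x07, 0xDF, 13, 26, 12, 0, 0, 0, 0, 0, 0, PNG_IEND};

int main(void) {
    printf("ok=%d bad=%d\n", scan_png_time(sample_ok, sizeof sample_ok),
           scan_png_time(sample_bad, sizeof sample_bad));
    return 0;
}
```

A check like this can sit in front of an unpatched decoder to reject files early; it does not replace updating libpng.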
Recommendations
For libpng versions 1.0.x through 1.0.63, update to version 1.0.64 or later.
For libpng versions 1.2.x through 1.2.53, update to version 1.2.54 or later.
For libpng versions 1.4.x through 1.4.16, update to version 1.4.17 or later.
As a temporary workaround, consider restricting the use of the png_convert_to_rfc1123 function and the png_check_keyword function in pngwutil.c until a patch is available. Avoid using overly long arguments in the png_check_keyword function to minimize the risk of exploitation.
Exploit
Fix
Information Disclosure
Affected Products
Alt Linux
Centos
Ibm Aix
Red Hat
Suse
Ubuntu
Libpng