CVE-2015-8472

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2015-8472

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2015-8472.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2015-8472

Downstream

DEBIAN-CVE-2015-8472

DLA-375-1

DLA-410-1

DSA-3443-1

OESA-2024-2091

RHSA-2015:2594

RHSA-2015:2595

RHSA-2015:2596

RHSA-2016:0055

RHSA-2016:0056

RHSA-2016:0057

RHSA-2016:0098

RHSA-2016:0099

RHSA-2016:0100

RHSA-2016:0101

RHSA-2016:1430

SUSE-SU-2016:0265-1

SUSE-SU-2016:0269-1

SUSE-SU-2016:0390-1

SUSE-SU-2016:0399-1

SUSE-SU-2016:0401-1

SUSE-SU-2016:0428-1

SUSE-SU-2016:0431-1

SUSE-SU-2016:0433-1

SUSE-SU-2016:0636-1

SUSE-SU-2016:0770-1

UBUNTU-CVE-2015-8472

USN-2861-1

openSUSE-SU-2024:10534-1

Related

Published

2016-01-21T15:59:00Z

Modified

2025-08-09T20:01:26Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

Buffer overflow in the pngsetPLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.

References

Affected packages