Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:79E615C576FDFF735529D14E3BDA5B7C
HistoryJan 19, 2016 - 12:00 a.m.

USN-2861-1 libpng vulnerability | Cloud Foundry

2016-01-1900:00:00
Cloud Foundry
www.cloudfoundry.org
37

0.12 Low

EPSS

Percentile

95.4%

JSON

USN-2861-1 libpng vulnerability

Medium

Vendor

libpng

Versions Affected

  • Ubuntu 14.04

Description

It was discovered that libpng incorrectly handled certain small bit-depth values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2015-8472)

Qixue Xiao and Chen Yu discovered that libpng incorrectly handled certain malformed images. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2015-8540)

The Cloud Foundry project released a BOSH stemcell version 3146.3 that has the patched version of the Linux kernel. A new Cloud Foundry rootfs was also released, cflinuxfs2 v.1.25.0, that has the patches.

Affected Products and Versions

_Severity is medium unless otherwise noted.
_

  • All versions of Cloud Foundry BOSH stemcells prior to 3146.3 are vulnerable.
  • All versions of Cloud Foundry cflinuxfs2 prior to v.1.25.0.

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with BOSH stemcells 3146.3 or later versions and cflinuxfs2 v.1.25.0 or later versions.

Credit

Qixue Xiao and Chen Yu

References

Related

openvas 39
nessus 63
ubuntu 1
debian 4
osv 3
ibm 28
fedora 9
ubuntucve 2
prion 2
slackware 2
amazon 2
cvelist 2
veracode 2
mageia 2
nvd 2
cve 2
centos 3
redhat 8
f5 2
freebsd 1
archlinux 1
debiancve 1
oraclelinux 3
rosalinux 1
gentoo 1
suse 12
aix 1
openvas
openvas
Ubuntu: Security Advisory (USN-2861-1)
2016-01-07 00:00:00
Debian: Security Advisory (DSA-3443-1)
2016-01-12 00:00:00
Debian Security Advisory DSA 3443-1 (libpng - security update)
2016-01-13 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : libpng vulnerabilities (USN-2861-1)
2016-01-07 00:00:00
Debian DLA-375-1 : libpng Security Update
2016-08-02 00:00:00
Debian DSA-3443-1 : libpng - security update
2016-01-14 00:00:00
ubuntu
ubuntu
libpng vulnerabilities
2016-01-06 00:00:00
debian
debian
[SECURITY] [DSA 3443-1] libpng security update
2016-01-13 21:31:22
[SECURITY] [DSA 3443-1] libpng security update
2016-01-13 21:31:22
[SECURITY] [DLA 375-1] libpng security update
2015-12-27 21:02:26
osv
osv
libpng - security update
2016-01-13 00:00:00
libpng - security update
2015-12-27 00:00:00
openjdk-6 - security update
2016-02-04 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in libpng affect IBM Cognos Metrics Manager (CVE-2015-8126, CVE-2015-8472, CVE-2015-8540)
2018-06-15 23:15:10
Security Bulletin: Several vulnerabilities in the libpng component in IBM Tivoli Common Reporting (CVE-2015-8126, CVE-2015-8472, CVE-2015-8540)
2018-06-17 15:23:39
Security Bulletin: Several vulnerabilities in the libpng component of IBM Cognos Business Intelligence Server (CVE-2015-8126, CVE-2015-8472, CVE-2015-8540)
2018-06-15 23:14:38
fedora
fedora
[SECURITY] Fedora 22 Update: libpng12-1.2.56-1.fc22
2016-01-02 23:21:26
[SECURITY] Fedora 23 Update: libpng12-1.2.56-1.fc23
2016-01-02 22:24:31
[SECURITY] Fedora 22 Update: libpng10-1.0.66-1.fc22
2015-12-31 01:53:02
ubuntucve
ubuntucve
CVE-2015-8540
2015-12-11 00:00:00
CVE-2015-8472
2015-12-09 00:00:00
prion
prion
Integer overflow
2016-04-14 14:59:00
Buffer overflow
2016-01-21 15:59:00
slackware
slackware
[slackware-security] libpng
2015-12-18 06:17:35
[slackware-security] libpng
2015-12-16 06:25:09
amazon
amazon
Important: libpng
2023-01-18 00:16:00
Medium: libpng
2015-12-14 10:00:00
cvelist
cvelist
CVE-2015-8540
2016-04-14 14:00:00
CVE-2015-8472
2016-01-21 15:00:00
veracode
veracode
Buffer Overflow
2017-02-06 08:35:04
Denial-of-Service (DoS) Via Embedded Dependency
2017-02-27 07:42:41
mageia
mageia
Updated libpng12 packages fix security vulnerability
2015-12-28 22:23:26
Updated libpng packages fix security vulnerabilities
2015-12-17 00:01:04
nvd
nvd
CVE-2015-8540
2016-04-14 14:59:03
CVE-2015-8472
2016-01-21 15:59:00
cve
cve
CVE-2015-8540
2016-04-14 14:59:03
CVE-2015-8472
2016-01-21 15:59:00
centos
centos
libpng security update
2015-12-09 19:21:36
libpng12 security update
2015-12-09 19:21:50
libpng security update
2015-12-09 14:47:29
redhat
redhat
(RHSA-2015:2596) Moderate: libpng security update
2015-12-09 13:26:42
(RHSA-2015:2595) Moderate: libpng12 security update
2015-12-09 13:25:59
(RHSA-2015:2594) Moderate: libpng security update
2015-12-09 00:00:00
f5
f5
SOL81903701 - Libpng vulnerability CVE-2015-8472
2016-03-07 00:00:00
K81903701 : Libpng vulnerability CVE-2015-8472
2016-03-07 00:00:00
freebsd
freebsd
libpng buffer overflow in png_set_PLTE
2015-11-15 00:00:00
archlinux
archlinux
libpng: buffer overflow
2015-12-28 00:00:00
debiancve
debiancve
CVE-2015-8472
2016-01-21 15:59:00
oraclelinux
oraclelinux
libpng security update
2015-12-09 00:00:00
libpng security update
2015-12-09 00:00:00
libpng12 security update
2015-12-09 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1884
2021-07-02 17:16:15
gentoo
gentoo
libpng: Multiple vulnerabilities
2016-11-15 00:00:00
suse
suse
Security update for java-1_7_0-ibm (important)
2016-02-11 15:15:04
Security update for java-1_6_0-ibm (important)
2016-02-11 15:13:56
Security update for java-1_7_1-ibm (important)
2016-02-10 13:11:57
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-02-25 08:44:57

0.12 Low

EPSS

Percentile

95.4%

JSON
Related for CFOUNDRY:79E615C576FDFF735529D14E3BDA5B7C
openvas39nessus63ubuntu1debian4osv3ibm28fedora9ubuntucve2prion2slackware2amazon2cvelist2veracode2mageia2nvd2cve2centos3redhat8f52freebsd1archlinux1debiancve1oraclelinux3rosalinux1gentoo1suse12aix1