CVE-2015-8540

Name: CVE-2015-8540
Description: Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-375-1, DSA-3443-1
Debian Bugs: 807694

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libpng (PTS) | jessie, jessie (lts) | 1.2.50-2+deb8u3 | fixed |

The information below is based on the following data on fixed versions.

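| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libpng | source | squeeze | 1.2.44-1+squeeze6 | | DLA-375-1 | |
| libpng | source | wheezy | 1.2.49-1+deb7u2 | | DSA-3443-1 | |
| libpng | source | jessie | 1.2.50-2+deb8u2 | | DSA-3443-1 | |
| libpng | source | (unstable) | (unfixed) | | | 807694 |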

Notes

https://www.openwall.com/lists/oss-security/2015/12/10/6
https://sourceforge.net/p/libpng/bugs/244/
http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/
Fixed in 1.0.66, 1.2.56, 1.4.19, and 1.5.26
