Strix
26.1K

CVE-2015-8472

UnknownEPSS 6.05%

Last modified

CVE-2015-8472 is a vulnerability of currently unknown severity. Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.. EPSS estimates a 6.05% chance of exploitation in the next 30 days.

Description

Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.

Metrics

EPSS Probability
6.05%

92.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AppleMac Os X<= 10.11.3
LibpngLibpng1.0.64
LibpngLibpng1.2.0
LibpngLibpng1.2.1
LibpngLibpng1.2.2
LibpngLibpng1.2.3
LibpngLibpng1.2.4
LibpngLibpng1.2.10
LibpngLibpng1.2.11
LibpngLibpng1.2.12
LibpngLibpng1.2.13
LibpngLibpng1.2.14
LibpngLibpng1.2.15
LibpngLibpng1.2.16
LibpngLibpng1.2.17
LibpngLibpng1.2.18
LibpngLibpng1.2.19
LibpngLibpng1.2.20
LibpngLibpng1.2.21
LibpngLibpng1.2.22
LibpngLibpng1.2.23
LibpngLibpng1.2.24
LibpngLibpng1.2.25
LibpngLibpng1.2.26
LibpngLibpng1.2.27
LibpngLibpng1.2.28
LibpngLibpng1.2.29
LibpngLibpng1.2.30
LibpngLibpng1.2.31
LibpngLibpng1.2.32
LibpngLibpng1.2.33
LibpngLibpng1.2.34
LibpngLibpng1.2.35
LibpngLibpng1.2.36
LibpngLibpng1.2.37
LibpngLibpng1.2.38
LibpngLibpng1.2.39
LibpngLibpng1.2.40
LibpngLibpng1.2.41
LibpngLibpng1.2.42
LibpngLibpng1.2.43
LibpngLibpng1.2.44
LibpngLibpng1.2.45
LibpngLibpng1.2.46
LibpngLibpng1.2.47
LibpngLibpng1.2.48
LibpngLibpng1.2.49
LibpngLibpng1.2.50
LibpngLibpng1.2.51
LibpngLibpng1.2.52

Showing 50 of 114 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2015-8472?
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
How severe is CVE-2015-8472?
Severity scoring for CVE-2015-8472 is pending analysis. The EPSS model estimates a 6.05% probability of exploitation in the next 30 days.
How do I fix CVE-2015-8472?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-8472?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST