Oval Definition:oval:com.ubuntu.trusty:def:20158472000
Revision Date:2016-01-21Version:1
Title:CVE-2015-8472 on Ubuntu 14.04 LTS (trusty) - medium.
Description:Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2015-8472
Platform(s):Ubuntu 14.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 14.04 LTS (trusty) is installed.
  • AND Package Information
  • NOT While related to the CVE in some way, the 'chromium-browser' package in trusty is not affected (note: 'uses system libpng').
  • OR NOT While related to the CVE in some way, the 'firefox' package in trusty is not affected (note: 'doesn't use png_set_PLTE, see https://bugzilla.mozilla.org/show_bug.cgi?id=1224244#c0').
  • OR The 'libpng' package in trusty was vulnerable but has been fixed (note: '1.2.50-1ubuntu2.14.04.2').
  • OR NOT While related to the CVE in some way, the 'openjdk-6' package in trusty is not affected (note: 'uses system libpng').
  • OR NOT While related to the CVE in some way, the 'openjdk-7' package in trusty is not affected (note: 'uses system libpng').
  • OR NOT While related to the CVE in some way, the 'thunderbird' package in trusty is not affected (note: 'doesn't use png_set_PLTE, see https://bugzilla.mozilla.org/show_bug.cgi?id=1224244#c0').
    • BACK