Bug 954980 (CVE-2015-8126) - VUL-0: CVE-2015-8126: libpng,libpng12,libpng15,libpng16: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
Status: RESOLVED FIXED
: CVE-2015-8472
Alias: CVE-2015-8126
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P2 - High : Major
Target Milestone: ---
Deadline: 2015-11-24
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/158808/
Whiteboard: CVSSv2:SUSE:CVE-2015-8126:4.3:(AV:L/...
Reported: 2015-11-13 15:53 UTC by Andreas Stieger
Modified: 2022-02-13 11:07 UTC

Found By: Security Response Team
Description Andreas Stieger 2015-11-13 15:53:47 UTC
rh#1281756

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions
in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before
1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to
cause a denial of service (application crash) or possibly have unspecified other
impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG
image.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1281756
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8126
http://www.openwall.com/lists/oss-security/2015/11/12/2
http://seclists.org/oss-sec/2015/q4/264
http://www.cvedetails.com/cve/CVE-2015-8126/
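
Added example (not part of the bug report and not libpng code): a stand-alone C check for the condition behind the small-bit-depth case in the description, a PLTE chunk with more entries than the IHDR bit depth allows for a palette image (2^bit_depth per the PNG specification). The names `max_palette_entries`, `check_plte` and `sample_overlong` are hypothetical, the sample bytes are constructed, and chunk CRCs are assumed to be verified elsewhere.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Big-endian 32-bit read, as used for PNG chunk lengths. */
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Largest palette a PNG may carry: 2^bit_depth entries for palette images
 * (colour type 3), otherwise the format-wide limit of 256. */
unsigned max_palette_entries(unsigned color_type, unsigned bit_depth) {
    if (color_type == 3 && bit_depth <= 8)
        return 1u << bit_depth;
    return 256;
}

/* Returns 0 if PLTE fits the IHDR bit depth (or is absent), 1 if PLTE is
 * over-length, -1 if the buffer is not a parseable PNG. CRCs are not checked. */
int check_plte(const unsigned char *buf, size_t len) {
    static const unsigned char sig[8] = {0x89,'P','N','G','\r','\n',0x1a,'\n'};
    if (len < 8 + 12 + 13 || memcmp(buf, sig, 8) != 0) return -1;
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0) return -1;
    unsigned bit_depth = buf[16 + 8], color_type = buf[16 + 9];
    size_t off = 8 + 12 + 13;                 /* first chunk after IHDR */
    while (len - off >= 12) {
        uint32_t clen = be32(buf + off);
        if (clen > len - off - 12) return -1; /* chunk runs past the buffer */
        if (memcmp(buf + off + 4, "PLTE", 4) == 0) {
            if (clen % 3 != 0) return -1;     /* entries are RGB triples */
            return clen / 3 > max_palette_entries(color_type, bit_depth);
        }
        off += 12 + (size_t)clen;
    }
    return 0;
}

/* Constructed sample (CRC fields zeroed, no image data): 1-bit palette image
 * whose PLTE chunk carries 4 entries where at most 2 are allowed. */
static const unsigned char sample_overlong[] = {
    0x89,'P','N','G','\r','\n',0x1a,'\n',
    0,0,0,13, 'I','H','D','R', 0,0,0,1, 0,0,0,1, 1, 3, 0,0,0, 0,0,0,0,
    0,0,0,12, 'P','L','T','E', 0,0,0, 1,1,1, 2,2,2, 3,3,3, 0,0,0,0
};

int main(void) {
    return check_plte(sample_overlong, sizeof sample_overlong) == 1 ? 0 : 1;
}
```

A return value of 1 marks a file worth rejecting or quarantining before it reaches an unpatched libpng.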
Comment 1 Swamp Workflow Management 2015-11-13 23:00:14 UTC
bugbot adjusting priority
Comment 2 Marcus Meissner 2015-11-16 11:58:06 UTC
receiving press attention. please submit
Comment 4 Petr Gajdos 2015-11-16 12:44:48 UTC
security-team, any help? For example, a reproducer?
Comment 5 Sebastian Krahmer 2015-11-16 13:27:46 UTC
We are not aware of any reproducers.
Comment 9 Bernhard Wiedemann 2015-11-16 15:00:26 UTC
This is an autogenerated message for OBS integration:
This bug (954980) was mentioned in
https://build.opensuse.org/request/show/344753 13.2 / libpng16
https://build.opensuse.org/request/show/344754 13.2 / libpng12
https://build.opensuse.org/request/show/344755 13.1 / libpng12
https://build.opensuse.org/request/show/344756 13.1 / libpng16
Comment 13 Swamp Workflow Management 2015-11-17 07:55:55 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-11-24.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62336
Comment 14 Swamp Workflow Management 2015-11-18 13:11:44 UTC
SUSE-SU-2015:2013-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 954980
CVE References: CVE-2015-8126
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    libpng16-1.6.8-8.1
SUSE Linux Enterprise Server 12 (src):    libpng16-1.6.8-8.1
SUSE Linux Enterprise Desktop 12 (src):    libpng16-1.6.8-8.1
Comment 15 Swamp Workflow Management 2015-11-18 13:13:28 UTC
SUSE-SU-2015:2017-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 952051,954980
CVE References: CVE-2015-7981,CVE-2015-8126
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libpng12-0-1.2.31-5.35.1
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    libpng12-0-1.2.31-5.35.1
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    libpng12-0-1.2.31-5.35.1
SUSE Linux Enterprise Server 11-SP4 (src):    libpng12-0-1.2.31-5.35.1
SUSE Linux Enterprise Server 11-SP3 (src):    libpng12-0-1.2.31-5.35.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    libpng12-0-1.2.31-5.35.1
SUSE Linux Enterprise Desktop 11-SP3 (src):    libpng12-0-1.2.31-5.35.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libpng12-0-1.2.31-5.35.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    libpng12-0-1.2.31-5.35.1
Comment 16 Swamp Workflow Management 2015-11-18 13:17:35 UTC
SUSE-SU-2015:2024-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 952051,954980
CVE References: CVE-2015-7981,CVE-2015-8126
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    libpng12-1.2.50-10.1
SUSE Linux Enterprise Server 12 (src):    libpng12-1.2.50-10.1
SUSE Linux Enterprise Desktop 12 (src):    libpng12-1.2.50-10.1
Comment 17 Swamp Workflow Management 2015-11-25 20:14:00 UTC
openSUSE-SU-2015:2099-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 952051,954980
CVE References: CVE-2015-7981,CVE-2015-8126
Sources used:
openSUSE 13.2 (src):    libpng12-1.2.51-3.3.1
openSUSE 13.1 (src):    libpng12-1.2.50-6.7.1
Comment 18 Swamp Workflow Management 2015-11-25 20:14:15 UTC
openSUSE-SU-2015:2100-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 954980
CVE References: CVE-2015-8126
Sources used:
openSUSE 13.2 (src):    libpng16-1.6.13-2.7.1
openSUSE 13.1 (src):    libpng16-1.6.6-19.1
Comment 19 Swamp Workflow Management 2015-11-27 16:19:34 UTC
openSUSE-SU-2015:2135-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 954980
CVE References: CVE-2015-8126
Sources used:
openSUSE Leap 42.1 (src):    libpng16-1.6.8-4.1
Comment 20 Swamp Workflow Management 2015-11-27 16:19:58 UTC
openSUSE-SU-2015:2136-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 952051,954980
CVE References: CVE-2015-7981,CVE-2015-8126
Sources used:
openSUSE Leap 42.1 (src):    libpng12-1.2.50-5.1
Comment 21 Sebastian Krahmer 2015-11-30 14:33:41 UTC
released
Comment 22 Petr Gajdos 2015-12-03 14:36:21 UTC
libpng15 @ 12sp1 remains.
See sr#84330.
Comment 24 Petr Gajdos 2015-12-03 15:05:25 UTC
By the way, the fix was incomplete, new libpngs are just released.

Haste makes waste.

Maybe time to submit?
Comment 25 Petr Gajdos 2015-12-03 15:57:58 UTC
According to the announcement:

[...]
>   Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
>     not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
>     vulnerability.
[...]

I assume the correction is in the following commit:

https://github.com/glennrp/libpng/commit/0a9afc12dea0949c2040a42ad1342f7a4b6296f2
Comment 26 Petr Gajdos 2015-12-03 16:45:27 UTC
All packages submitted.
Comment 29 Bernhard Wiedemann 2015-12-03 17:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (954980) was mentioned in
https://build.opensuse.org/request/show/347351 13.2 / libpng12
https://build.opensuse.org/request/show/347352 13.2 / libpng16
https://build.opensuse.org/request/show/347353 13.1 / libpng12
https://build.opensuse.org/request/show/347354 13.1 / libpng16
Comment 31 Swamp Workflow Management 2015-12-14 12:10:45 UTC
openSUSE-SU-2015:2262-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 954980
CVE References: CVE-2015-8126
Sources used:
openSUSE 13.2 (src):    libpng16-1.6.13-2.10.1
openSUSE 13.1 (src):    libpng16-1.6.6-22.1
Comment 32 Swamp Workflow Management 2015-12-14 12:11:02 UTC
openSUSE-SU-2015:2263-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 954980
CVE References: CVE-2015-8126
Sources used:
openSUSE 13.2 (src):    libpng12-1.2.51-3.6.1
openSUSE 13.1 (src):    libpng12-1.2.50-6.10.1
Comment 33 Swamp Workflow Management 2016-01-05 18:12:16 UTC
SUSE-SU-2016:0027-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 954980
CVE References: CVE-2015-8126
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libpng16-1.6.8-11.1
SUSE Linux Enterprise Software Development Kit 12 (src):    libpng16-1.6.8-11.1
SUSE Linux Enterprise Server 12-SP1 (src):    libpng16-1.6.8-11.1
SUSE Linux Enterprise Server 12 (src):    libpng16-1.6.8-11.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libpng16-1.6.8-11.1
SUSE Linux Enterprise Desktop 12 (src):    libpng16-1.6.8-11.1
Comment 34 Swamp Workflow Management 2016-01-07 13:12:31 UTC
SUSE-SU-2016:0041-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 954980
CVE References: CVE-2015-8126
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    libpng15-1.5.22-4.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libpng15-1.5.22-4.1
Comment 35 Swamp Workflow Management 2016-01-07 16:15:18 UTC
SUSE-SU-2016:0050-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 954980
CVE References: CVE-2015-8126
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libpng12-1.2.50-13.1
SUSE Linux Enterprise Software Development Kit 12 (src):    libpng12-1.2.50-13.1
SUSE Linux Enterprise Server 12-SP1 (src):    libpng12-1.2.50-13.1
SUSE Linux Enterprise Server 12 (src):    libpng12-1.2.50-13.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libpng12-1.2.50-13.1
SUSE Linux Enterprise Desktop 12 (src):    libpng12-1.2.50-13.1
Comment 36 Andreas Stieger 2016-01-08 14:58:43 UTC
Releasing libpng12-0 for SLE 11 SP1 / SP3, which is the last one.
Comment 37 Swamp Workflow Management 2016-01-08 18:11:53 UTC
SUSE-SU-2016:0061-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 954980
CVE References: CVE-2015-8126
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libpng12-0-1.2.31-5.38.1
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    libpng12-0-1.2.31-5.38.1
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    libpng12-0-1.2.31-5.38.1
SUSE Linux Enterprise Server 11-SP4 (src):    libpng12-0-1.2.31-5.38.1
SUSE Linux Enterprise Server 11-SP3 (src):    libpng12-0-1.2.31-5.38.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    libpng12-0-1.2.31-5.38.1
SUSE Linux Enterprise Desktop 11-SP3 (src):    libpng12-0-1.2.31-5.38.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libpng12-0-1.2.31-5.38.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    libpng12-0-1.2.31-5.38.1
Comment 38 Swamp Workflow Management 2016-01-13 17:11:17 UTC
openSUSE-SU-2016:0103-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 954980
CVE References: CVE-2015-8126
Sources used:
openSUSE Leap 42.1 (src):    libpng12-1.2.50-8.1
Comment 39 Swamp Workflow Management 2016-01-13 17:11:41 UTC
openSUSE-SU-2016:0104-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 954980
CVE References: CVE-2015-8126
Sources used:
openSUSE Leap 42.1 (src):    libpng15-1.5.22-4.1
Comment 40 Swamp Workflow Management 2016-01-13 17:11:58 UTC
openSUSE-SU-2016:0105-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 954980
CVE References: CVE-2015-8126
Sources used:
openSUSE Leap 42.1 (src):    libpng16-1.6.8-7.1
Comment 41 Swamp Workflow Management 2016-06-22 12:10:36 UTC
openSUSE-SU-2016:1652-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 952051,954980,984382
CVE References: CVE-2015-7981,CVE-2015-8126,CVE-2016-1514,CVE-2016-1515,CVE-2016-5108
Sources used:
openSUSE Leap 42.1 (src):    vlc-2.2.4-27.1
Comment 42 Marcus Meissner 2016-08-29 06:38:05 UTC
*** Bug 958198 has been marked as a duplicate of this bug. ***