漏洞信息详情
libpng 缓冲区错误漏洞
- CNNVD编号:CNNVD-201511-246
- 危害等级: 高危
- CVE编号: CVE-2015-8126
- 漏洞类型: 缓冲区错误
- 发布时间: 2015-11-16
- 威胁类型: 远程
- 更新时间: 2022-05-16
- 厂 商: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
- 漏洞来源:
漏洞简介
libpng是一个可对PNG图形文件实现创建、读写等操作的PNG参考库。
libpng的‘png_set_PLTE’和‘png_get_PLTE’函数中存在缓冲区错误漏洞。远程攻击者可借助PNG图像中的IHDR数据块中较小的‘bit-depth’值利用该漏洞造成拒绝服务(应用程序崩溃)。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,详情请关注厂商主页:
http://www.libpng.org/pub/png/libpng.HTML
参考网址
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.HTML
来源:BID
链接:https://www.securityfocus.com/bid/77568
来源:SUSE
链接:http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.HTML
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2015/11/12/2
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.HTML
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.HTML
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.HTML
来源:REDHAT
链接:http://rhn.redhat.com/errata/RHSA-2015-2594.HTML
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.HTML
来源:SUSE
链接:http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.HTML
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.HTML
来源:CONFIRM
链接:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.HTML
来源:SUSE
链接:http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.HTML
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.HTML
来源:CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2016/Mar/msg00004.HTML
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.HTML
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.HTML
来源:SUSE
链接:http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.HTML
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.HTML
来源:GENTOO
链接:https://security.gentoo.org/glsa/201611-08
来源:REDHAT
链接:http://rhn.redhat.com/errata/RHSA-2015-2596.HTML
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.HTML
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2016:1430
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.HTML
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.HTML
来源:DEBIAN
链接:https://www.debian.org/security/2015/dsa-3399
来源:REDHAT
链接:http://rhn.redhat.com/errata/RHSA-2016-0055.HTML
来源:SUSE
链接:http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.HTML
来源:CONFIRM
链接:https://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/HT206167
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.HTML
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.HTML
来源:DEBIAN
链接:https://www.debian.org/security/2016/dsa-3507
来源:CONFIRM
链接:http://GoogleCMS.zone.ci/e/tags/htag.php?tag=Chrome target=_blank class=infotextkey>Chromereleases.blogspot.com/2016/03/stable-channel-update.HTML
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.HTML
来源:CONFIRM
链接:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.HTML
来源:CONFIRM
链接:https://code.Google.com/p/chromium/issues/detail?id=560291
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.HTML
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.HTML
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.HTML
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.HTML
来源:REDHAT
链接:http://rhn.redhat.com/errata/RHSA-2016-0057.HTML
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.HTML
来源:UBUNTU
链接:http://www.ubuntu.com/usn/USN-2815-1
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.HTML
来源:REDHAT
链接:http://rhn.redhat.com/errata/RHSA-2016-0056.HTML
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.HTML
来源:SUSE
链接:http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.HTML
来源:CONFIRM
链接:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.HTML
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.HTML
来源:SUSE
链接:http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.HTML
来源:CONFIRM
链接:https://kc.mcafee.com/corporate/index?page=content&id=SB10148
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.HTML
来源:GENTOO
链接:https://security.gentoo.org/glsa/201603-09
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.HTML
来源:REDHAT
链接:http://rhn.redhat.com/errata/RHSA-2015-2595.HTML
来源:SECTRACK
链接:http://www.securitytracker.com/id/1034142
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics-for-nps/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/
受影响实体
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x:10.11.3
补丁
- libpng 缓冲区溢出漏洞的修复措施
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论