正文

libpng 缓冲区错误漏洞

admin
admin V管理员 /0 评论 /6 阅读
0111
此篇文章发布距今已超过1266天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

libpng 缓冲区错误漏洞

  • CNNVD编号:CNNVD-201511-246
    • <!--
  • 危害等级: 高危-->
  • 危害等级: 高危
  • CVE编号: CVE-2015-8126
  • 漏洞类型: 缓冲区错误
  • 发布时间: 2015-11-16
  • 威胁类型: 远程
  • 更新时间: 2021-05-18
  • 厂        商: apple
  • 漏洞来源:

漏洞简介

libpng是一个可对PNG图形文件实现创建、读写等操作的PNG参考库。

libpng的‘png_set_PLTE’和‘png_get_PLTE’函数中存在缓冲区溢出漏洞。远程攻击者可借助PNG图像中的IHDR数据块中较小的‘bit-depth’值利用该漏洞造成拒绝服务(应用程序崩溃)。

漏洞公告

目前厂商已经发布了升级补丁以修复此安全问题,详情请关注厂商主页:

http://www.libpng.org/pub/png/libpng.html

参考网址

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html

来源:BID

链接:https://www.securityfocus.com/bid/77568

来源:SUSE

链接:http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html

来源:MLIST

链接:http://www.openwall.com/lists/oss-security/2015/11/12/2

来源:FEDORA

链接:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html

来源:FEDORA

链接:http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html

来源:REDHAT

链接:http://rhn.redhat.com/errata/RHSA-2015-2594.html

来源:FEDORA

链接:http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html

来源:CONFIRM

链接:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html

来源:FEDORA

链接:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html

来源:APPLE

链接:http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

来源:FEDORA

链接:http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html

来源:GENTOO

链接:https://security.gentoo.org/glsa/201611-08

来源:REDHAT

链接:http://rhn.redhat.com/errata/RHSA-2015-2596.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2016:1430

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html

来源:DEBIAN

链接:https://www.debian.org/security/2015/dsa-3399

来源:REDHAT

链接:http://rhn.redhat.com/errata/RHSA-2016-0055.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html

来源:CONFIRM

链接:https://support.apple.com/HT206167

来源:FEDORA

链接:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html

来源:DEBIAN

链接:https://www.debian.org/security/2016/dsa-3507

来源:CONFIRM

链接:http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html

来源:CONFIRM

链接:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

来源:CONFIRM

链接:https://code.google.com/p/chromium/issues/detail?id=560291

来源:FEDORA

链接:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html

来源:FEDORA

链接:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html

来源:FEDORA

链接:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html

来源:REDHAT

链接:http://rhn.redhat.com/errata/RHSA-2016-0057.html

来源:FEDORA

链接:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html

来源:UBUNTU

链接:http://www.ubuntu.com/usn/USN-2815-1

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html

来源:REDHAT

链接:http://rhn.redhat.com/errata/RHSA-2016-0056.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html

来源:CONFIRM

链接:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

来源:FEDORA

链接:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html

来源:SUSE

链接:http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html

来源:CONFIRM

链接:https://kc.mcafee.com/corporate/index?page=content&id=SB10148

来源:FEDORA

链接:http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html

来源:GENTOO

链接:https://security.gentoo.org/glsa/201603-09

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html

来源:REDHAT

链接:http://rhn.redhat.com/errata/RHSA-2015-2595.html

来源:SECTRACK

链接:http://www.securitytracker.com/id/1034142

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics-for-nps/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/

受影响实体

  • Apple Mac_os_x:10.11.3  
    <!--
    2000-1-1
    -->

补丁

  • libpng 缓冲区溢出漏洞的修复措施
    <!--
    2015-11-16
    -->