What is CVE-2015-8540?

CVE-2015-8540 is a high-severity vulnerability in Libpng, classified under CWE-189. CVSS score: 8.8/10. Published 2016-04-14.

How severe is CVE-2015-8540?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2015-8540 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Libpng

CVE-2015-8540

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspe…

EPSS: 0.135 (94.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Libpng — versions 1.2.0, 1.2.1, 1.2.2
Debian Debian_linux — versions 6.0
Fedoraproject Fedora — versions 23
Redhat Enterprise_linux_desktop_supplementary — versions 5.0, 6.0
Redhat Enterprise_linux_hpc_node — versions 6.0
Redhat Enterprise_linux_server_supplementary — versions 5.0, 6.0
Redhat Enterprise_linux_workstation_supplementary — versions 6.0
N/a — versions n/a

Weakness classification (CWE)

CWE-189

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_CONFIRM, Patch)
GLSA-201611-08 (vendor-advisory, x_refsource_GENTOO)
[oss-security] 20151211 Re: Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c) (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM, Patch)
RHSA-2016:1430 (x_refsource_REDHAT, vendor-advisory)
[oss-security] 20151210 CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c) (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM, Patch)
[oss-security] 20151211 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c) (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2015-8540?: CVE-2015-8540 is a high-severity vulnerability in Libpng, classified under CWE-189. CVSS score: 8.8/10. Published 2016-04-14.
How severe is CVE-2015-8540?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2015-8540 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.