Unrated severityNVD Advisory· Published Nov 24, 2015· Updated Jun 17, 2026
CVE-2015-7981
CVE-2015-7981
Description
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
187cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*+ 140 more
- cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.29:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.31:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.32:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.33:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.34:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.35:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.37:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.38:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.39:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.40:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.41:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.42:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.43:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.44:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.45:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.46:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.47:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.48:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.50:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.51:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.52:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.53:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.54:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.55:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.55:rc01:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.56:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.56:devel:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.57:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.57:rc01:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.58:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.59:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.60:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.61:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.62:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.63:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.36:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.40:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.43:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.43:devel:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.45:devel:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.46:devel:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.47:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.48:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.48:betas:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.49:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.53:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*
- (no CPE)range: <1.0.64, <1.2.54, <1.4.17
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- osv-coords28 versionspkg:rpm/opensuse/vlc&distro=openSUSE%20Tumbleweedpkg:rpm/suse/java-1_6_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2012pkg:rpm/suse/java-1_6_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSSpkg:rpm/suse/java-1_6_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/java-1_7_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSSpkg:rpm/suse/java-1_7_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/libpng12-0&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3pkg:rpm/suse/libpng12-0&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/libpng12-0&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3pkg:rpm/suse/libpng12-0&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/libpng12-0&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/libpng12-0&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP3pkg:rpm/suse/libpng12-0&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/libpng12-0&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP3pkg:rpm/suse/libpng12-0&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/libpng12&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/libpng12&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/libpng12&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/libpng12&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
< 2.2.4-11.1+ 27 more
- (no CPE)range: < 2.2.4-11.1
- (no CPE)range: < 1.6.0_sr16.20-30.1
- (no CPE)range: < 1.6.0_sr16.20-49.1
- (no CPE)range: < 1.6.0_sr16.20-51.1
- (no CPE)range: < 1.7.0_sr9.30-45.1
- (no CPE)range: < 1.7.0_sr9.30-47.1
- (no CPE)range: < 1.7.1_sr3.30-9.1
- (no CPE)range: < 1.7.1_sr3.30-21.1
- (no CPE)range: < 1.7.1_sr3.30-21.1
- (no CPE)range: < 1.7.1_sr3.30-9.1
- (no CPE)range: < 1.7.1_sr3.30-21.1
- (no CPE)range: < 1.7.1_sr3.30-21.1
- (no CPE)range: < 1.7.1_sr3.30-9.1
- (no CPE)range: < 1.7.1_sr3.30-21.1
- (no CPE)range: < 1.7.1_sr3.30-21.1
- (no CPE)range: < 1.2.31-5.35.1
- (no CPE)range: < 1.2.31-5.35.1
- (no CPE)range: < 1.2.31-5.35.1
- (no CPE)range: < 1.2.31-5.35.1
- (no CPE)range: < 1.2.31-5.35.1
- (no CPE)range: < 1.2.31-5.35.1
- (no CPE)range: < 1.2.31-5.35.1
- (no CPE)range: < 1.2.31-5.35.1
- (no CPE)range: < 1.2.31-5.35.1
- (no CPE)range: < 1.2.50-10.1
- (no CPE)range: < 1.2.50-10.1
- (no CPE)range: < 1.2.50-10.1
- (no CPE)range: < 1.2.50-10.1
Patches
Vulnerability mechanics
References
21- sourceforge.net/projects/libpng/files/libpng12/1.2.54/nvdPatch
- sourceforge.net/projects/libpng/files/libpng14/1.4.17/nvdExploit
- lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-11/msg00160.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-2594.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-2595.htmlnvd
- sourceforge.net/p/libpng/bugs/241/nvd
- sourceforge.net/projects/libpng/files/libpng10/1.0.64/nvd
- www.debian.org/security/2015/dsa-3399nvd
- www.openwall.com/lists/oss-security/2015/10/26/1nvd
- www.openwall.com/lists/oss-security/2015/10/26/3nvd
- www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlnvd
- www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlnvd
- www.securityfocus.com/bid/77304nvd
- www.securitytracker.com/id/1034393nvd
- www.ubuntu.com/usn/USN-2815-1nvd
- access.redhat.com/errata/RHSA-2016:1430nvd
- security.gentoo.org/glsa/201611-08nvd
News mentions
0No linked articles in our index yet.