CVE-2015-8126

HIGH Year: 2015
CVSS v2 Score
7.5
High
Weakness Type
CWE-120
View all →

Vulnerability Description

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

Related Vulnerabilities

CVE-2017-16740

CRITICAL
CVSS:10.0(Critical)

A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has b...

CWE-1202017

CVE-2021-33972

CRITICAL
CVSS:10.0(Critical)

Buffer Overflow vulnerability in Qihoo 360 Safe Browser v13.0.2170.0 allows attacker to escalate priveleges.

CWE-1202021

CVE-2021-33975

CRITICAL
CVSS:10.0(Critical)

Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows attacker to escalate privileges.

CWE-1202021

CVE-2022-20827

CRITICAL
CVSS:10.0(Critical)

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (D...

CWE-1202022

CVE-2022-22570

CRITICAL
CVSS:10.0(Critical)

A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control a...

CWE-1202022

CVE-2022-31481

CRITICAL
CVSS:10.0(Critical)

An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, ...

CWE-1202022