{"dataType":"CVE_RECORD","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2015-0973","assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","dateUpdated":"2025-06-09T15:25:54.990Z","dateReserved":"2015-01-10T00:00:00.000Z","datePublished":"2015-01-18T18:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc","dateUpdated":"2024-07-19T13:06:22.903Z"},"descriptions":[{"lang":"en","value":"Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"name":"APPLE-SA-2016-03-21-5","tags":["vendor-advisory"],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"},{"url":"https://support.apple.com/HT206167"},{"name":"[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available","tags":["mailing-list"],"url":"http://sourceforge.net/p/png-mng/mailman/message/33173461/"},{"name":"[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2015/01/10/1"},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"},{"name":"[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2015/01/10/3"},{"name":"62725","tags":["third-party-advisory"],"url":"http://secunia.com/advisories/62725"},{"url":"http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt"},{"url":"https://security.netapp.com/advisory/ntap-20240719-0005/"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}],"datePublic":"2014-12-18T00:00:00.000Z"},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T04:26:11.624Z"},"title":"CVE Program Container","references":[{"name":"APPLE-SA-2016-03-21-5","tags":["vendor-advisory","x_transferred"],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"},{"url":"https://support.apple.com/HT206167","tags":["x_transferred"]},{"name":"[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available","tags":["mailing-list","x_transferred"],"url":"http://sourceforge.net/p/png-mng/mailman/message/33173461/"},{"name":"[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2015/01/10/1"},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html","tags":["x_transferred"]},{"name":"[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2015/01/10/3"},{"name":"62725","tags":["third-party-advisory","x_transferred"],"url":"http://secunia.com/advisories/62725"},{"url":"http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20240719-0005/","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-120","lang":"en","description":"CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":8.8,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-06-09T15:25:31.669215Z","id":"CVE-2015-0973","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-09T15:25:54.990Z"}}]},"dataVersion":"5.1"}