Details of VAR-201601-0495

ID

VAR-201601-0495

CVE

CVE-2015-8472

TITLE

libpng of png_set_PLTE Buffer overflow vulnerability in functions

Trust: 0.8

sources: JVNDB: JVNDB-2015-006846

DESCRIPTION

Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. libpng of png_set_PLTE The function contains a buffer overflow vulnerability. The following versions are affected: libpng prior to 1.0.65, 1.1.x and 1.2.x prior to 1.2.55, 1.3.x, 1.4.x prior to 1.4.18, 1.5.x prior to 1.5.25, 1.6 1.6.x versions prior to .20. Description: Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All running instances of Oracle Java must be restarted for the update to take effect. Bugs fixed (https://bugzilla.redhat.com/): 1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions 1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543) 1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054) 1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710) 1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962) 1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017) 6. 7) - x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libpng security update Advisory ID: RHSA-2015:2594-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2594.html Issue date: 2015-12-09 CVE Names: CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 ===================================================================== 1. Summary: Updated libpng packages that fix three security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image. (CVE-2015-7981) All libpng users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: libpng-1.2.49-2.el6_7.src.rpm i386: libpng-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm x86_64: libpng-1.2.49-2.el6_7.i686.rpm libpng-1.2.49-2.el6_7.x86_64.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm libpng-static-1.2.49-2.el6_7.i686.rpm x86_64: libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.x86_64.rpm libpng-static-1.2.49-2.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: libpng-1.2.49-2.el6_7.src.rpm x86_64: libpng-1.2.49-2.el6_7.i686.rpm libpng-1.2.49-2.el6_7.x86_64.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.x86_64.rpm libpng-static-1.2.49-2.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: libpng-1.2.49-2.el6_7.src.rpm i386: libpng-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm ppc64: libpng-1.2.49-2.el6_7.ppc.rpm libpng-1.2.49-2.el6_7.ppc64.rpm libpng-debuginfo-1.2.49-2.el6_7.ppc.rpm libpng-debuginfo-1.2.49-2.el6_7.ppc64.rpm libpng-devel-1.2.49-2.el6_7.ppc.rpm libpng-devel-1.2.49-2.el6_7.ppc64.rpm s390x: libpng-1.2.49-2.el6_7.s390.rpm libpng-1.2.49-2.el6_7.s390x.rpm libpng-debuginfo-1.2.49-2.el6_7.s390.rpm libpng-debuginfo-1.2.49-2.el6_7.s390x.rpm libpng-devel-1.2.49-2.el6_7.s390.rpm libpng-devel-1.2.49-2.el6_7.s390x.rpm x86_64: libpng-1.2.49-2.el6_7.i686.rpm libpng-1.2.49-2.el6_7.x86_64.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-static-1.2.49-2.el6_7.i686.rpm ppc64: libpng-debuginfo-1.2.49-2.el6_7.ppc64.rpm libpng-static-1.2.49-2.el6_7.ppc64.rpm s390x: libpng-debuginfo-1.2.49-2.el6_7.s390x.rpm libpng-static-1.2.49-2.el6_7.s390x.rpm x86_64: libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-static-1.2.49-2.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: libpng-1.2.49-2.el6_7.src.rpm i386: libpng-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm x86_64: libpng-1.2.49-2.el6_7.i686.rpm libpng-1.2.49-2.el6_7.x86_64.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-static-1.2.49-2.el6_7.i686.rpm x86_64: libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-static-1.2.49-2.el6_7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-7981 https://access.redhat.com/security/cve/CVE-2015-8126 https://access.redhat.com/security/cve/CVE-2015-8472 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWaENsXlSAg2UNWIIRAoUpAJ9Nlo47EQRO6dLZCmTorScK3JsMfACdF3ZW 1H8Hq0Bx4u9dJmTNDBAMHS8= =fXjS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449) Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue

Trust: 2.43

sources: NVD: CVE-2015-8472 // JVNDB: JVNDB-2015-006846 // VULHUB: VHN-86433 // VULMON: CVE-2015-8472 // PACKETSTORM: 135555 // PACKETSTORM: 135556 // PACKETSTORM: 135339 // PACKETSTORM: 135338 // PACKETSTORM: 134720 // PACKETSTORM: 134722 // PACKETSTORM: 137932

AFFECTED PRODUCTS

vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.15	Trust: 1.6
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.4	Trust: 1.6
vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.16	Trust: 1.6
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.5	Trust: 1.6
vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.17	Trust: 1.6
vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.14	Trust: 1.6
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.1	Trust: 1.6
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.6	Trust: 1.6
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.2	Trust: 1.6
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.3	Trust: 1.6
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.3	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.6	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.10	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.11	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.36	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.50	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.44	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.28	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.22	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.33	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.53	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.24	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.45	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.12	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.46	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.14	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.7	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.3	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.49	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.39	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.42	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.10	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.20	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.15	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.47	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.21	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.27	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.8	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.17	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.52	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.18	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.29	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.12	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.2	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.3	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.16	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.14	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.17	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.0.64	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.40	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.5	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.25	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.9	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.31	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.13	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.1	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.15	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.51	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.10	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.23	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.11	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.30	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.9	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.15	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.11	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.12	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.5	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.20	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.10	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.35	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.17	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.6	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.1	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.24	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.38	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.0	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.12	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.16	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.18	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.32	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.18	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.54	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.2	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.19	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.7	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.22	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.3	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.13	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.16	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.11	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.13	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.14	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.48	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.7	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.4	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.8	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.26	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.41	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.43	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.21	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.9	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.19	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.8	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.13	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.0	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.23	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.4.4	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.0	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.34	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.5.19	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.6.4	Trust: 1.0
vendor:	libpng	model:	libpng	scope:	eq	version:	1.2.37	Trust: 1.0
vendor:	png group	model:	libpng	scope:	lt	version:	1.6.x	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.5	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11 to 10.11.3	Trust: 0.8
vendor:	png group	model:	libpng	scope:	eq	version:	1.1.x	Trust: 0.8
vendor:	png group	model:	libpng	scope:	eq	version:	1.5.25	Trust: 0.8
vendor:	png group	model:	libpng	scope:	eq	version:	1.2.55	Trust: 0.8
vendor:	oracle	model:	jdk	scope:	eq	version:	7 update 91	Trust: 0.8
vendor:	oracle	model:	jdk	scope:	eq	version:	6 update 105	Trust: 0.8
vendor:	oracle	model:	jre	scope:	eq	version:	7 update 91	Trust: 0.8
vendor:	oracle	model:	jre	scope:	eq	version:	6 update 105	Trust: 0.8
vendor:	png group	model:	libpng	scope:	lt	version:	1.5.x	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.5	Trust: 0.8
vendor:	png group	model:	libpng	scope:	eq	version:	1.4.18	Trust: 0.8
vendor:	png group	model:	libpng	scope:	eq	version:	1.6.20	Trust: 0.8
vendor:	oracle	model:	java se	scope:	eq	version:	embedded 8 update 65	Trust: 0.8
vendor:	oracle	model:	jdk	scope:	eq	version:	8 update 66	Trust: 0.8
vendor:	oracle	model:	jre	scope:	eq	version:	8 update 66	Trust: 0.8
vendor:	png group	model:	libpng	scope:	lt	version:	1.4.x	Trust: 0.8
vendor:	png group	model:	libpng	scope:	lt	version:	1.2.x	Trust: 0.8
vendor:	png group	model:	libpng	scope:	eq	version:	1.3.x	Trust: 0.8

sources: CNNVD: CNNVD-201512-189 // JVNDB: JVNDB-2015-006846 // NVD: CVE-2015-8472

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-8472
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-8472
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201512-189
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-86433
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-8472
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-8472
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-86433
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-8472
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-86433 // VULMON: CVE-2015-8472 // CNNVD: CNNVD-201512-189 // JVNDB: JVNDB-2015-006846 // NVD: CVE-2015-8472

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-86433 // JVNDB: JVNDB-2015-006846 // NVD: CVE-2015-8472

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-189

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201512-189

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006846

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-86433

PATCH

title:	APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002	url:	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	Trust: 0.8
title:	HT206167	url:	https://support.apple.com/en-us/HT206167	Trust: 0.8
title:	HT206167	url:	https://support.apple.com/ja-jp/HT206167	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - January 2016	url:	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	Trust: 0.8
title:	January 2016 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/january_2016_critical_patch_update	Trust: 0.8
title:	libpng10 / 1.0.65	url:	http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/	Trust: 0.8
title:	libpng12 / 1.2.55	url:	http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/	Trust: 0.8
title:	libpng14 / 1.4.18	url:	http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/	Trust: 0.8
title:	libpng15 / 1.5.25	url:	http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/	Trust: 0.8
title:	libpng16 / 1.6.20	url:	http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/	Trust: 0.8
title:	TLSA-2016-11	url:	http://www.turbolinux.co.jp/security/2016/TLSA-2016-11j.html	Trust: 0.8
title:	Oracle Corporation Javaプラグインの脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/oracle/20160120.html	Trust: 0.8
title:	libpng Buffer Overflow Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59039	Trust: 0.6
title:	Red Hat: Moderate: libpng security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152596 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: libpng12 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152595 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: libpng security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152594 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: libpng: CVE-2015-8540: read underflow in libpng	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=0a130e26709c1ba00694161c08b9c604	Trust: 0.1
title:	Ubuntu Security Notice: libpng vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2861-1	Trust: 0.1
title:	Debian CVElist Bug Report Logs: libpng: Incomplete fix for CVE-2015-8126	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=386e683fecec564e81371b5dca873869	Trust: 0.1
title:	Debian Security Advisories: DSA-3443-1 libpng -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=57e4bc5fc071e2986f7cef65414ffe23	Trust: 0.1
title:	Red Hat: CVE-2015-8472	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-8472	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2015-615	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-615	Trust: 0.1
title:	Apple: OS X El Capitan v10.11.4 and Security Update 2016-002	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=ef054ba76412200e34091eb91c38c281	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=435ed9abc2fb1e74ce2a69605a01e326	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - January 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=63802a6c83b107c4e6e0c7f9241a66a8	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c36fc403a4c2c6439b732d2fca738f58	Trust: 0.1
title:	clair-lab	url:	https://github.com/sjourdan/clair-lab	Trust: 0.1

sources: VULMON: CVE-2015-8472 // CNNVD: CNNVD-201512-189 // JVNDB: JVNDB-2015-006846

EXTERNAL IDS

db:	NVD	id:	CVE-2015-8472	Trust: 3.3
db:	OPENWALL	id:	OSS-SECURITY/2015/12/03/6	Trust: 1.2
db:	MCAFEE	id:	SB10148	Trust: 1.2
db:	BID	id:	78624	Trust: 1.2
db:	JVN	id:	JVNVU97668313	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-006846	Trust: 0.8
db:	CNNVD	id:	CNNVD-201512-189	Trust: 0.7
db:	PACKETSTORM	id:	135153	Trust: 0.1
db:	PACKETSTORM	id:	135265	Trust: 0.1
db:	PACKETSTORM	id:	134874	Trust: 0.1
db:	VULHUB	id:	VHN-86433	Trust: 0.1
db:	VULMON	id:	CVE-2015-8472	Trust: 0.1
db:	PACKETSTORM	id:	135555	Trust: 0.1
db:	PACKETSTORM	id:	135556	Trust: 0.1
db:	PACKETSTORM	id:	135339	Trust: 0.1
db:	PACKETSTORM	id:	135338	Trust: 0.1
db:	PACKETSTORM	id:	134720	Trust: 0.1
db:	PACKETSTORM	id:	134722	Trust: 0.1
db:	PACKETSTORM	id:	137932	Trust: 0.1

sources: VULHUB: VHN-86433 // VULMON: CVE-2015-8472 // PACKETSTORM: 135555 // PACKETSTORM: 135556 // PACKETSTORM: 135339 // PACKETSTORM: 135338 // PACKETSTORM: 134720 // PACKETSTORM: 134722 // PACKETSTORM: 137932 // CNNVD: CNNVD-201512-189 // JVNDB: JVNDB-2015-006846 // NVD: CVE-2015-8472

REFERENCES

url:	http://www.securityfocus.com/bid/78624	Trust: 1.3
url:	http://rhn.redhat.com/errata/rhsa-2015-2594.html	Trust: 1.3
url:	http://rhn.redhat.com/errata/rhsa-2015-2596.html	Trust: 1.3
url:	http://rhn.redhat.com/errata/rhsa-2016-0055.html	Trust: 1.3
url:	http://rhn.redhat.com/errata/rhsa-2016-0057.html	Trust: 1.3
url:	https://access.redhat.com/errata/rhsa-2016:1430	Trust: 1.3
url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html	Trust: 1.2
url:	http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/	Trust: 1.2
url:	http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/	Trust: 1.2
url:	http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/	Trust: 1.2
url:	http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/	Trust: 1.2
url:	http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/	Trust: 1.2
url:	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	Trust: 1.2
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	Trust: 1.2
url:	https://support.apple.com/ht206167	Trust: 1.2
url:	http://www.debian.org/security/2016/dsa-3443	Trust: 1.2
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-january/174936.html	Trust: 1.2
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-january/175073.html	Trust: 1.2
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-january/174905.html	Trust: 1.2
url:	http://www.openwall.com/lists/oss-security/2015/12/03/6	Trust: 1.2
url:	http://rhn.redhat.com/errata/rhsa-2015-2595.html	Trust: 1.2
url:	http://rhn.redhat.com/errata/rhsa-2016-0056.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html	Trust: 1.2
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10148	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8472	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20160120-jre.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2016/at160005.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97668313	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8472	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8472	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2015-8126	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8126	Trust: 0.7
url:	https://access.redhat.com/articles/11258	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/security/team/key/	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2015-8472	Trust: 0.7
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics-for-nps/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2016-0448	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2016-0483	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2016-0402	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2016-0466	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2016-0494	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0448	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7575	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0466	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2015-7575	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0483	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0494	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0402	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5041	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2015-7981	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2015-5041	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7981	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.3
url:	http://www.ibm.com/developerworks/java/jdk/alerts/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-8540	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8540	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-0475	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0475	Trust: 0.2
url:	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#appendixjava	Trust: 0.2
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10148	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2015:2596	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://usn.ubuntu.com/2861-1/	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=43094	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2016-0100.html	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2016-0098.html	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4883	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4840	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-3422	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4882	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4903	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4872	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4844	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4806	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-3449	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0363	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-0264	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4871	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4860	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4893	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4871	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0376	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4803	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4840	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-0376	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4734	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4860	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4842	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4835	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4903	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4805	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4902	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4883	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4810	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4805	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4893	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-3443	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-0363	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4882	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4842	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4843	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4835	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4810	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4902	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4872	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-0686	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-3426	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4734	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4803	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4806	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4844	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-5006	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-3427	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5006	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-0687	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0264	Trust: 0.1

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 135555 // PACKETSTORM: 135556 // PACKETSTORM: 135339 // PACKETSTORM: 135338 // PACKETSTORM: 134720 // PACKETSTORM: 134722 // PACKETSTORM: 137932

SOURCES

db:	VULHUB	id:	VHN-86433
db:	VULMON	id:	CVE-2015-8472
db:	PACKETSTORM	id:	135555
db:	PACKETSTORM	id:	135556
db:	PACKETSTORM	id:	135339
db:	PACKETSTORM	id:	135338
db:	PACKETSTORM	id:	134720
db:	PACKETSTORM	id:	134722
db:	PACKETSTORM	id:	137932
db:	CNNVD	id:	CNNVD-201512-189
db:	JVNDB	id:	JVNDB-2015-006846
db:	NVD	id:	CVE-2015-8472

LAST UPDATE DATE

2025-09-30T20:45:34.319000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-86433	date:	2017-11-04T00:00:00
db:	VULMON	id:	CVE-2015-8472	date:	2017-11-04T00:00:00
db:	CNNVD	id:	CNNVD-201512-189	date:	2021-05-18T00:00:00
db:	JVNDB	id:	JVNDB-2015-006846	date:	2016-05-31T00:00:00
db:	NVD	id:	CVE-2015-8472	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-86433	date:	2016-01-21T00:00:00
db:	VULMON	id:	CVE-2015-8472	date:	2016-01-21T00:00:00
db:	PACKETSTORM	id:	135555	date:	2016-02-02T16:43:57
db:	PACKETSTORM	id:	135556	date:	2016-02-02T16:44:07
db:	PACKETSTORM	id:	135339	date:	2016-01-21T14:47:36
db:	PACKETSTORM	id:	135338	date:	2016-01-21T14:47:29
db:	PACKETSTORM	id:	134720	date:	2015-12-10T00:39:58
db:	PACKETSTORM	id:	134722	date:	2015-12-10T00:40:23
db:	PACKETSTORM	id:	137932	date:	2016-07-18T19:51:43
db:	CNNVD	id:	CNNVD-201512-189	date:	2015-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-006846	date:	2016-01-27T00:00:00
db:	NVD	id:	CVE-2015-8472	date:	2016-01-21T15:59:00.117