melsorg / github-scanner-test

Dummy repository for testing the GitHub scanner

CVE-2015-0973 (High) detected in dplus-browser-fltk130s - autoclosed #61

Closed mend-bolt-for-github[bot] closed 3 years ago

mend-bolt-for-github[bot] commented 5 years ago

CVE-2015-0973 - High Severity Vulnerability

Vulnerable Library - dplus-browserfltk130s

Library home page: https://sourceforge.net/projects/dplus-browser/

Found in HEAD commit: 38c8615a6d0a047787b5e7401328782154ba03e4

Library Source Files (6)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

- /github-scanner-test/libpng/pngpriv.h
- /github-scanner-test/libpng/pngpread.c
- /github-scanner-test/libpng/pngread.c
- /github-scanner-test/libpng/pngwrite.c
- /github-scanner-test/libpng/pngrtran.c
- /github-scanner-test/libpng/pngrutil.c

Vulnerability Details

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

Publish Date: 2015-01-18

URL: CVE-2015-0973

CVSS 2 Score Details (7.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-0973

Release Date: 2015-01-18

Fix Resolution: 1.5.21,1.6.16



mend-bolt-for-github[bot] commented 3 years ago

:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #62