CVE-2015-7981: Exposure of Sensitive Information to an Unauthorized Actor

November 24, 2015 (updated July 1, 2017)

The png_convert_to_rfc1123 function in png.c in libpng allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

References

nvd.nist.gov/vuln/detail/CVE-2015-7981

Detect and mitigate CVE-2015-7981 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →