Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2015-7507
CVE-2015-7507:
Linux Debian vulnerability analysis and mitigation
Overview
libnsbmp.c in Libnsbmp 0.1.2 is a decoding library for BMP and ICO files, primarily developed and used as part of the NetSurf project. The vulnerability (CVE-2015-7507) allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table. The issue was disclosed on December 16, 2015 (NetSurf Disclosure).
Technical details
The vulnerability occurs due to a lack of boundary checking before dereferencing bmp->colour_table in bmp_decode_rgb() and bmp_decode_rle() functions with an index based on user-supplied values. The out-of-bounds read can be triggered when processing BMP files with specially crafted color table values (NetSurf Disclosure).
Impact
The vulnerability allows attackers to cause a denial of service condition through an out-of-bounds read, which can result in application crashes when processing maliciously crafted BMP files (NVD).
Mitigation and workarounds
The vulnerability was fixed in the git HEAD version of libnsbmp. Users should upgrade to the patched version to prevent exploitation (NetSurf Disclosure).
Additional resources
Source: This report was generated using AI
Related Linux Debian vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management