CVE-2015-6673

9.8 CRITICAL

📋 TL;DR

CVE-2015-6673 is a use-after-free vulnerability in libpgf's Decoder.cpp that allows attackers to execute arbitrary code or cause denial of service. This affects applications that process PGF image files using vulnerable versions of libpgf. The vulnerability can be triggered by parsing specially crafted PGF images.

💻 Affected Systems

Products:
  • libpgf
  • Applications using libpgf library
Versions: All versions before 6.15.32
Operating Systems: Linux, Unix-like systems, Windows (if compiled with libpgf)
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that uses libpgf to decode PGF image files is vulnerable. This includes image viewers, editors, or web applications that process PGF format.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the application processing the PGF file, potentially leading to complete system compromise.

🟠 Likely Case

Application crash (denial of service) when processing malicious PGF files, with potential for code execution in some configurations.

🟢 If Mitigated

Limited to denial of service if exploit attempts are blocked or application runs with minimal privileges.

🌐 Internet-Facing: MEDIUM - Risk depends on whether applications using libpgf process untrusted PGF files from external sources.
🏢 Internal Only: LOW - Lower risk if PGF files come from trusted internal sources only.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept exists in public references. Exploitation requires the target to process a malicious PGF file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.15.32 and later

Vendor Advisory: https://sourceforge.net/p/libpgf/code/147/

Restart Required: Yes

Instructions:

1. Update libpgf to version 6.15.32 or later.
2. Recompile any applications using libpgf with the updated library.
3. Restart affected services or applications.

🔧 Temporary Workarounds

Disable PGF file processing (all platforms)

Configure applications to reject or not process PGF image files.

Sandbox image processing (all platforms)

Run applications that process PGF files in isolated containers or with reduced privileges.

🧯 If You Can't Patch

  • Implement strict input validation to reject suspicious PGF files
  • Deploy application-level firewalls or WAF rules to block malicious PGF file uploads

🔍 How to Verify

Check if Vulnerable:

Check libpgf version: 'pgf --version' or check library version in package manager

Check Version:

pgf --version 2>/dev/null || dpkg -l | grep libpgf || rpm -qa | grep libpgf

Verify Fix Applied:

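Verify libpgf version is 6.15.32 or higher (exit status 0 means the reported version is 6.15.32 or later):

[ "$(printf '%s\n' 6.15.32 "$(pgf --version | grep -oE '[0-9]+(\.[0-9]+)+' | head -n1)" | sort -V | head -n1)" = 6.15.32 ]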
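
A numeric comparison for this check that also accepts package-manager output lines, as an added example rather than code from libpgf or the advisory. The sample lines and package names are constructed; 6.15.32 is the fixed version stated on this page.

```shell
#!/bin/sh
# Added example (not from libpgf or the advisory): numeric version check
# against the fixed release named on this page.
FIXED_VERSION="6.15.32"

# Pull the first dotted version out of a line of tool or package-manager
# output; a Debian epoch ("1:") or revision ("-3.2") is left behind.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# Return 0 if version $1 >= version $2, comparing dotted components as
# integers from left to right (a missing component counts as 0).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# Print "patched", "vulnerable" or "unknown" for one line of output.
libpgf_status() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo unknown
    elif version_ge "$v" "$FIXED_VERSION"; then echo patched
    else echo vulnerable
    fi
}

# Constructed sample lines (not real scan output); package names are assumed.
while IFS= read -r line; do
    printf '%-45s %s\n' "$line" "$(libpgf_status "$line")"
done <<'EOF'
ii  libpgf6:amd64  6.14.12-3.2  amd64
libpgf-6.15.100-1.x86_64
libpgf 7.21.2
libpgf 5.7.3
libpgf not installed
EOF
```

A distribution package may carry a backported fix under an older upstream version number, so a "vulnerable" result from a package line should be checked against the distribution's security tracker.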

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing image files
  • Memory access violation errors in application logs

Network Indicators:

  • Unexpected PGF file uploads to web applications
  • Network traffic containing PGF files to vulnerable services

SIEM Query:

source="application.log" AND ("segmentation fault" OR "access violation" OR "libpgf")
