CVSS: 7.5EPSS: 7%CPEs: 15EXPL: 1CVE-2013-6954 – libpng: unhandled zero-length PLTE chunk or NULL palette
https://notcve.org/view.php?id=CVE-2013-6954
12 Jan 2014 — The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. La función png_do_expand_palette en libpng anteriores a 1.6.8 permite a atacantes remotos causar una denegación de servicio (referencia a puntero NULO y crash de la aplicación) a través de (1) un chunk PLTE de cero bytes o (2) una paleta NULL, relacionada co... • http://advisories.mageia.org/MGASA-2014-0075.html •
CVSS: 5.5EPSS: 1%CPEs: 149EXPL: 0CVE-2012-3425 – Ubuntu Security Notice USN-2815-1
https://notcve.org/view.php?id=CVE-2012-3425
13 Aug 2012 — The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image. La función png_push_read_zTXt en pngpread.c en libpng v1.0.x antes de v1.0.58, v1.2.x antes de v1.2.48, v1.4.x antes de v1.4.10 y v1.5.x antes de v1.5.10 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 0CVE-2011-3464
https://notcve.org/view.php?id=CVE-2011-3464
22 Jul 2012 — Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow. Error de superación de límite (off-by-one) en la función png_formatted_warning en pngerror.c en libpng v1.5.4 1.5.7 podría permitir a través de los atacantes remotos causar una denegación de servicio (caída de aplicación) y posib... • http://secunia.com/advisories/47827 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 6%CPEs: 143EXPL: 0CVE-2011-3048 – libpng: memory corruption flaw
https://notcve.org/view.php?id=CVE-2011-3048
29 May 2012 — The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. La función png_set_text_2 en pngset.c en libpng v1.0.x anterior a v1.0.59, v1.2.x anterior a v1.2.49, v1.4.x anterior a v1.4.11,... • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 8%CPEs: 18EXPL: 0CVE-2011-3045 – libpng: buffer overflow in png_inflate caused by invalid type conversions
https://notcve.org/view.php?id=CVE-2011-3045
22 Mar 2012 — Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026. El error de signo de entero en pngrutil.c en libpng antes v1.4.10beta01, tal y como se utiliza en Google Chrome antes de v17.0.963.83 y otros productos, permite a atacantes... • http://code.google.com/p/chromium/issues/detail?id=116162 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 7%CPEs: 1EXPL: 1CVE-2011-3328
https://notcve.org/view.php?id=CVE-2011-3328
17 Jan 2012 — The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value. La función png_handle_cHRM en pngrutil.c en libpng 1.5.4, cuando está habilitado el soporte de corrección de color, permite a un atacante remoto causar una denegación de servicio (error de división por cero y bloqueo de apli... • http://libpng.org/pub/png/libpng.html •