CVSS: 10.0EPSS: 4%CPEs: 31EXPL: 0CVE-2014-9495 – Mandriva Linux Security Advisory 2015-090
https://notcve.org/view.php?id=CVE-2014-9495
10 Jan 2015 — Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image. Desbordamiento de buffer basado en memoria dinámica en la función png_combine_row en libpng en versiones anteriores a 1.5.21 y 1.6.x en versiones anteriores a 1.6.16, cuando se ejecuta en sistemas de 64 bits, podría permitir a atacantes dependientes del contexto eje... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2013-7353 – Mandriva Linux Security Advisory 2014-084
https://notcve.org/view.php?id=CVE-2013-7353
06 May 2014 — Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. Desbordamiento de enteros en la función png_set_unknown_chunks en libpng/pngset.c en libpng anterior a 1.5.14beta08 permite a atacantes dependientes de contexto causar una denegación de servicio (fallo de segmentación y caída) a través de un imag... • http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2013-7354 – Mandriva Linux Security Advisory 2014-084
https://notcve.org/view.php?id=CVE-2013-7354
06 May 2014 — Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. Múltiples desbordamientos de enteros en libpng anterior a 1.5.14rc03 permiten a atacantes remotos causar una denegación de servicio (caída) a través de un imagen manipulado hacia la función (1) png_set_sPLT o (2) png_set_text_2, lo que provoca un desbordamiento de buffer basa... • http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 0CVE-2014-0333 – Gentoo Linux Security Advisory 201408-06
https://notcve.org/view.php?id=CVE-2014-0333
27 Feb 2014 — The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero. La función png_push_read_chunk en pngpread.c en el decodificador progresivo en libpng 1.6.x hasta 1.6.9 permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de un fragmento IDAT con una longitud cero. The png_push_read_chunk f... • ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 6%CPEs: 15EXPL: 1CVE-2013-6954 – libpng: unhandled zero-length PLTE chunk or NULL palette
https://notcve.org/view.php?id=CVE-2013-6954
12 Jan 2014 — The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. La función png_do_expand_palette en libpng anteriores a 1.6.8 permite a atacantes remotos causar una denegación de servicio (referencia a puntero NULO y crash de la aplicación) a través de (1) un chunk PLTE de cero bytes o (2) una paleta NULL, relacionada co... • http://advisories.mageia.org/MGASA-2014-0075.html •
CVSS: 5.5EPSS: 1%CPEs: 149EXPL: 0CVE-2012-3425 – Ubuntu Security Notice USN-2815-1
https://notcve.org/view.php?id=CVE-2012-3425
13 Aug 2012 — The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image. La función png_push_read_zTXt en pngpread.c en libpng v1.0.x antes de v1.0.58, v1.2.x antes de v1.2.48, v1.4.x antes de v1.4.10 y v1.5.x antes de v1.5.10 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 0CVE-2011-3464
https://notcve.org/view.php?id=CVE-2011-3464
22 Jul 2012 — Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow. Error de superación de límite (off-by-one) en la función png_formatted_warning en pngerror.c en libpng v1.5.4 1.5.7 podría permitir a través de los atacantes remotos causar una denegación de servicio (caída de aplicación) y posib... • http://secunia.com/advisories/47827 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 6%CPEs: 143EXPL: 0CVE-2011-3048 – libpng: memory corruption flaw
https://notcve.org/view.php?id=CVE-2011-3048
29 May 2012 — The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. La función png_set_text_2 en pngset.c en libpng v1.0.x anterior a v1.0.59, v1.2.x anterior a v1.2.49, v1.4.x anterior a v1.4.11,... • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 8%CPEs: 18EXPL: 0CVE-2011-3045 – libpng: buffer overflow in png_inflate caused by invalid type conversions
https://notcve.org/view.php?id=CVE-2011-3045
22 Mar 2012 — Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026. El error de signo de entero en pngrutil.c en libpng antes v1.4.10beta01, tal y como se utiliza en Google Chrome antes de v17.0.963.83 y otros productos, permite a atacantes... • http://code.google.com/p/chromium/issues/detail?id=116162 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 7%CPEs: 1EXPL: 1CVE-2011-3328
https://notcve.org/view.php?id=CVE-2011-3328
17 Jan 2012 — The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value. La función png_handle_cHRM en pngrutil.c en libpng 1.5.4, cuando está habilitado el soporte de corrección de color, permite a un atacante remoto causar una denegación de servicio (error de división por cero y bloqueo de apli... • http://libpng.org/pub/png/libpng.html •