CVSS: 7.5EPSS: 7%CPEs: 15EXPL: 1CVE-2013-6954 – libpng: unhandled zero-length PLTE chunk or NULL palette
https://notcve.org/view.php?id=CVE-2013-6954
12 Jan 2014 — The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. La función png_do_expand_palette en libpng anteriores a 1.6.8 permite a atacantes remotos causar una denegación de servicio (referencia a puntero NULO y crash de la aplicación) a través de (1) un chunk PLTE de cero bytes o (2) una paleta NULL, relacionada co... • http://advisories.mageia.org/MGASA-2014-0075.html •
CVSS: 5.5EPSS: 1%CPEs: 149EXPL: 0CVE-2012-3425 – Ubuntu Security Notice USN-2815-1
https://notcve.org/view.php?id=CVE-2012-3425
13 Aug 2012 — The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image. La función png_push_read_zTXt en pngpread.c en libpng v1.0.x antes de v1.0.58, v1.2.x antes de v1.2.48, v1.4.x antes de v1.4.10 y v1.5.x antes de v1.5.10 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 6%CPEs: 143EXPL: 0CVE-2011-3048 – libpng: memory corruption flaw
https://notcve.org/view.php?id=CVE-2011-3048
29 May 2012 — The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. La función png_set_text_2 en pngset.c en libpng v1.0.x anterior a v1.0.59, v1.2.x anterior a v1.2.49, v1.4.x anterior a v1.4.11,... • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •