CVSS: 7.5EPSS: 0%CPEs: 176EXPL: 0CVE-2006-7244
https://notcve.org/view.php?id=CVE-2006-7244
31 Aug 2011 — Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. Una pérdida de memoria en pngwutil.c en libpng v1.2.13beta1, y otras versiones anteriores a la v1.2.15beta3, permite provocar una denegación de servicio (pérdida de memoria o fallo de segmentación) a atacantes dependientes del contexto a tra... • http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2009-5063
https://notcve.org/view.php?id=CVE-2009-5063
31 Aug 2011 — Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244. Una pérdida de memoria en la función embedded_profile_len en el archivo pngwutil.c en libpng anterior a versión 1.2.39beta5, permite a los atacantes dependiendo del contexto causa... • http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 1%CPEs: 11EXPL: 1CVE-2011-2501 – libpng: regression of CVE-2004-0421 in 1.2.23+
https://notcve.org/view.php?id=CVE-2011-2501
17 Jul 2011 — The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources. La función png_format_buffer en pngerror.c en libpng v1.0.x antes de... • http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=65e6d5a34f49acdb362a0625a706c6b914e670af • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0CVE-2011-2690 – libpng: buffer overwrite in png_rgb_to_gray
https://notcve.org/view.php?id=CVE-2011-2690
17 Jul 2011 — Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image. Desbordamiento de búfer en libpng v1.0.x antes de v1.0.55, en v1.2.x antes de v1.2.45, en v1.4.x antes de v1.4.8, y en v1.5.x antes de v1.5.4, cuand... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 7%CPEs: 7EXPL: 1CVE-2011-2691
https://notcve.org/view.php?id=CVE-2011-2691
17 Jul 2011 — The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image. La función png_err en pngerror.c en libpng v1.0.x antes de v1.0.55, en v1.2.x antes de v1.2.45, en v1.4.x antes de v1.4.8, y en v1.5.x antes de v1.5.4, hace una llamada a la función con un ... • http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=9dad5e37aef295b4ef8dea39392b652deebc9261 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 6%CPEs: 11EXPL: 1CVE-2011-2692 – libpng: Invalid read when handling empty sCAL chunks
https://notcve.org/view.php?id=CVE-2011-2692
17 Jul 2011 — The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory. La función png_handle_sCAL de pngrutil.c en libpng v1.0.x antes de la v1.0.55, en v1.2.x antes de la v1.2.45, ... • http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 4%CPEs: 1EXPL: 0CVE-2011-0408
https://notcve.org/view.php?id=CVE-2011-0408
18 Jan 2011 — pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information. pngrtran.c en libpng v1.5.x anterior a v1.5.1 permite a atacantes remotos provocar una denegación de servicio (caída... • ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-1.5.0-diff.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 29%CPEs: 31EXPL: 4CVE-2010-1205 – libpng 1.4.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2010-1205
30 Jun 2010 — Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. Desbordamiento de buffer en el fichero pngpread.c en libpng anteriores a 1.2.44 y 1.4.x anteriroes a 1.4.3, como se utiliza en aplicaciones progresivas, podría permitir a atacantes remotos ejecutar código arbitrario mediante una imagen PNG que desencadena una serie de datos adicionales. ... • https://www.exploit-db.com/exploits/14422 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 1%CPEs: 24EXPL: 0CVE-2010-2249 – libpng: Memory leak when processing Physical Scale (sCAL) images
https://notcve.org/view.php?id=CVE-2010-2249
30 Jun 2010 — Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. Fuga de memoria en pngrutil.c en libpng anteriores a v1.2.44 y v1.4.x anteriores a v.1.4.3, permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída de aplicación) a través de una imagen que contiene un troceado mal formado del Physical ... • http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 8%CPEs: 21EXPL: 0CVE-2010-0205 – libpng: excessive memory consumption due to highly compressed huge ancillary chunk
https://notcve.org/view.php?id=CVE-2010-0205
03 Mar 2010 — The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "de... • http://libpng.sourceforge.net/ADVISORY-1.4.1.html • CWE-400: Uncontrolled Resource Consumption •