CVSS: 7.5EPSS: 2%CPEs: 249EXPL: 0CVE-2009-2042 – libpng: Interlaced Images Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2009-2042
12 Jun 2009 — libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. libpng anteriores a v1.2.37 no parsea adecuadamente 1-bit de imágenes entrelazadas con valores de ancho que no son divisibles por 8, lo que produce que libpng incluya bits sin inicializar en ciertas filas d... • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 6%CPEs: 15EXPL: 0CVE-2009-0040 – libpng arbitrary free() flaw
https://notcve.org/view.php?id=CVE-2009-0040
22 Feb 2009 — The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. La libreria de referencia PNG (tambien conocida como libpng) anterior a v1.0.43, y v1.2.x anteriores a... • ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.1EPSS: 2%CPEs: 243EXPL: 0CVE-2008-6218 – Gentoo Linux Security Advisory 201412-08
https://notcve.org/view.php?id=CVE-2008-6218
20 Feb 2009 — Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. Fuga de memoria en la función png_handle_tEXt en pngrutil.c en libpng anterior a v1.2.33 rc02 y v1.4.0 beta36 que permite a atacantes dependientes de contexto producir una denegacion de servicio (agotamiento de memoria) a traves de un fichero PNG manipulado. This GLSA contains notification of vulner... • http://secunia.com/advisories/32418 • CWE-399: Resource Management Errors •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2008-5907 – Gentoo Linux Security Advisory 201412-08
https://notcve.org/view.php?id=CVE-2008-5907
15 Jan 2009 — The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability. La funcion png_check_keyword en pngwutil.c en libpng anteriores a v1.0.42, v1.2.x anterior a v1.2.34... • http://libpng.sourceforge.net/index.html •
CVSS: 7.1EPSS: 2%CPEs: 34EXPL: 1CVE-2008-3964
https://notcve.org/view.php?id=CVE-2008-3964
10 Sep 2008 — Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c. Múltiples desbordamientos de entero en libpng versiones anteriores a 1.2.32beta01, y 1.4 versiones anteriores a 1.4.0beta34, permiten a atacantes dependientes de contexto provocar ... • http://secunia.com/advisories/31781 • CWE-193: Off-by-one Error •
CVSS: 9.1EPSS: 6%CPEs: 310EXPL: 0CVE-2008-1382 – libpng unknown chunk handling flaw
https://notcve.org/view.php?id=CVE-2008-1382
14 Apr 2008 — libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. libpng versions de la 1.0.6 hasta la 1.0.32, 1.2.0 hasta la 1.2.26 y 1.4.0beta01 hasta la 1.4.0beta19, permiten a atacantes dependientes del contexto provocar una denegación de servicio (caída) y posiblemente ejecutar ... • http://libpng.sourceforge.net/Advisory-1.2.26.txt • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 14%CPEs: 2EXPL: 0CVE-2007-5266 – Gentoo Linux Security Advisory 201412-11
https://notcve.org/view.php?id=CVE-2007-5266
08 Oct 2007 — Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated. Error de superación de límite (off-by-one) en el manejo de perfiles ICC en la función png_set_iCCP de pngset.c en libpng anterior a 1.0.29 beta1 y 1.2.x anterior a 1.2.21 beta1 permite a atacantes remotos provocar una denega... • http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 0CVE-2007-5267
https://notcve.org/view.php?id=CVE-2007-5267
08 Oct 2007 — Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266. Error de superación de límite (off-by-one) en el manejo de perfiles ICC en la función png_set_iCCP de pngset.c en libpng anterior a 1.2.22 beta1 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una imagen PNG manipulada artesanalment... • http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 17%CPEs: 6EXPL: 0CVE-2007-5268 – Gentoo Linux Security Advisory 201412-11
https://notcve.org/view.php?id=CVE-2007-5268
08 Oct 2007 — pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image. pngrtran.c en libpng anterior a 1.0.29 y 1.2.x anterior a 1.2.21 utiliza (1) operaciones lógicas en vez de operación sobre bits y (2) comparaciones incorrectas, lo cual podría permitir a atacantes remotos provocar una denegación de servicio (caída) mediante una imagen PNG manipu... • http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html •
CVSS: 7.5EPSS: 11%CPEs: 2EXPL: 0CVE-2007-5269 – libpng DoS via multiple out-of-bounds reads
https://notcve.org/view.php?id=CVE-2007-5269
08 Oct 2007 — Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations. Determinados manejadores de fragmentos en libpng anterior a 1.0.29 y 1.2.x anterior a 1.2.21 permiten a atacantes remotos provocar una denegación de servi... • http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •