Page 4 of 28 results (0.030 seconds)

CVSS: 4.3EPSS: 0%CPEs: 249EXPL: 0

libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. libpng anteriores a v1.2.37 no parsea adecuadamente 1-bit de imágenes entrelazadas con valores de ancho que no son divisibles por 8, lo que produce que libpng incluya bits sin inicializar en ciertas filas del fichero PNG lo que permitiría atacantes remotos leer trozos de memoria sensible a través de "pixeles fuera de rango" en el fichero. • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://secunia.com/advisories/35346 http://secunia.com/advisories/35470 http://secunia.com/advisories/35524 http://secunia.com/advisories/35594 http://secunia.com/advisories/39206 http://secunia.com/advisories&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 7%CPEs: 15EXPL: 0

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. La libreria de referencia PNG (tambien conocida como libpng) anterior a v1.0.43, y v1.2.x anteriores a 1.2.35, utilizado en pngcrush y otras aplicaciones, lo que permite a atacantes dependientes de contexto producir una denegacion de servicio (caida de aplicacion) o posiblemente ejecutar codigo a traves de de un fichero PNG manipulado que inicia un puntero sin inicializar en (1) la funcion png_read_png, (2) manejador pCAL, o (3) instalacion de tablas de gamma de 16-bit. • ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg000 • CWE-824: Access of Uninitialized Pointer •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability. La funcion png_check_keyword en pngwutil.c en libpng anteriores a v1.0.42, v1.2.x anterior a v1.2.34, permitiría atacantes dependientes de contexto poner a cero el valor de una localización de memoria de su elección a través de vectores relacionados con la creación de ficheros PNG con palabras clave, relacionado con la asignación del valor '\0' a un puntero NULL. NOTA: Algunas fuentes informan incorrectamente que se trata de una vulnerabilidad de doble liberación. • http://libpng.sourceforge.net/index.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://openwall.com/lists/oss-security/2009/01/09/1 http://secunia.com/advisories/34320 http://secunia.com/advisories/34388 http://security.gentoo.org/glsa/glsa-200903-28.xml http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local&forum_name=png-mng-implement http://www.debian.org/security/2009/dsa-1750 http://www&# •

CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 1

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c. Múltiples desbordamientos de entero en libpng versiones anteriores a 1.2.32beta01, y 1.4 versiones anteriores a 1.4.0beta34, permiten a atacantes dependientes de contexto provocar una denegación de servicio (caída) o tener otros impactos desconocidos a través de una imagen PNG con fragmentos zTXt manipulados, relacionado con (1) la función png_push_read_zTXt en pngread.c, y posiblemente relacionado con (2) pngtest.c. • http://secunia.com/advisories/31781 http://secunia.com/advisories/33137 http://secunia.com/advisories/35302 http://secunia.com/advisories/35386 http://security.gentoo.org/glsa/glsa-200812-15.xml http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com&forum_name=png-mng-implement http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517 http://sourceforge.net/project/shownotes.php?release_id=624518 http://sourceforge.net/tracker& • CWE-193: Off-by-one Error •

CVSS: 5.0EPSS: 30%CPEs: 2EXPL: 0

Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations. Determinados manejadores de fragmentos en libpng anterior a 1.0.29 y 1.2.x anterior a 1.2.21 permiten a atacantes remotos provocar una denegación de servicio (caída) mediante fragmentación manipulada (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), y (5) ztXT (png_handle_ztXt) en imágenes PNG, lo cual dispara operaciones de lectura fuera de límite. • http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html http://bugs.gentoo.org/show_bug.cgi?id=195261 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html http://lists.vmware.com/pipermail/security-announce/2008/000008.html http:/ • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •