CVSS: 9.1EPSS: 6%CPEs: 310EXPL: 0CVE-2008-1382 – libpng unknown chunk handling flaw
https://notcve.org/view.php?id=CVE-2008-1382
14 Apr 2008 — libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. libpng versions de la 1.0.6 hasta la 1.0.32, 1.2.0 hasta la 1.2.26 y 1.4.0beta01 hasta la 1.4.0beta19, permiten a atacantes dependientes del contexto provocar una denegación de servicio (caída) y posiblemente ejecutar ... • http://libpng.sourceforge.net/Advisory-1.2.26.txt • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 14%CPEs: 2EXPL: 0CVE-2007-5266 – Gentoo Linux Security Advisory 201412-11
https://notcve.org/view.php?id=CVE-2007-5266
08 Oct 2007 — Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated. Error de superación de límite (off-by-one) en el manejo de perfiles ICC en la función png_set_iCCP de pngset.c en libpng anterior a 1.0.29 beta1 y 1.2.x anterior a 1.2.21 beta1 permite a atacantes remotos provocar una denega... • http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 0CVE-2007-5267
https://notcve.org/view.php?id=CVE-2007-5267
08 Oct 2007 — Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266. Error de superación de límite (off-by-one) en el manejo de perfiles ICC en la función png_set_iCCP de pngset.c en libpng anterior a 1.2.22 beta1 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una imagen PNG manipulada artesanalment... • http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 17%CPEs: 6EXPL: 0CVE-2007-5268 – Gentoo Linux Security Advisory 201412-11
https://notcve.org/view.php?id=CVE-2007-5268
08 Oct 2007 — pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image. pngrtran.c en libpng anterior a 1.0.29 y 1.2.x anterior a 1.2.21 utiliza (1) operaciones lógicas en vez de operación sobre bits y (2) comparaciones incorrectas, lo cual podría permitir a atacantes remotos provocar una denegación de servicio (caída) mediante una imagen PNG manipu... • http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html •
CVSS: 7.5EPSS: 11%CPEs: 2EXPL: 0CVE-2007-5269 – libpng DoS via multiple out-of-bounds reads
https://notcve.org/view.php?id=CVE-2007-5269
08 Oct 2007 — Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations. Determinados manejadores de fragmentos en libpng anterior a 1.0.29 y 1.2.x anterior a 1.2.21 permiten a atacantes remotos provocar una denegación de servi... • http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 2%CPEs: 26EXPL: 0CVE-2004-0421 – CAN-2004-0421 libpng can access out of bounds memory
https://notcve.org/view.php?id=CVE-2004-0421
05 May 2004 — The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. La librería de Graficos de Red Portables (libpng) 1.0.15 y anteriores permiten a atacantes causar una denegación de servicio (caída) mediante un fichero de imagen PNG que dispara un error que causa un lectura fuera de límites cuando se crea el mensaje de error. • http://lists.apple.com/mhonarc/security-announce/msg00056.html • CWE-125: Out-of-bounds Read •