CVSS: 9.8EPSS: 69%CPEs: 31EXPL: 4CVE-2010-1205 – libpng 1.4.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2010-1205
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. Desbordamiento de buffer en el fichero pngpread.c en libpng anteriores a 1.2.44 y 1.4.x anteriroes a 1.4.3, como se utiliza en aplicaciones progresivas, podría permitir a atacantes remotos ejecutar código arbitrario mediante una imagen PNG que desencadena una serie de datos adicionales. • https://www.exploit-db.com/exploits/14422 https://github.com/mk219533/CVE-2010-1205 http://blackberry.com/btsc/KB27244 http://code.google.com/p/chromium/issues/detail?id=45983 http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.apple.com/archives/security-anno • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 2%CPEs: 24EXPL: 0CVE-2010-2249 – libpng: Memory leak when processing Physical Scale (sCAL) images
https://notcve.org/view.php?id=CVE-2010-2249
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. Fuga de memoria en pngrutil.c en libpng anteriores a v1.2.44 y v1.4.x anteriores a v.1.4.3, permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída de aplicación) a través de una imagen que contiene un troceado mal formado del Physical Scale (también conocido como sCAL) • http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html http&# • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.3EPSS: 1%CPEs: 21EXPL: 0CVE-2010-0205 – libpng: excessive memory consumption due to highly compressed huge ancillary chunk
https://notcve.org/view.php?id=CVE-2010-0205
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. La función png_decompress_chunk en pngrutil.c en libpng 1.0.x en versiones anteriores a la 1.0.53, 1.2.x en versiones anteriores a la 1.2.43 y1.4.x en versiones anteriores a la 1.4.1 no maneja adecuadamente los datos fragmentados auxiliares comprimidos que tienen una representación descomprimida desproporcionada, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de la CPU y de la memoria y cuelgue de la aplicación) mediante un fichero PNG manipulado, como ha quedado demostrado por el uso del método de decompresión con datos con muchas ocurrencias del mismo caracter, en relación con un ataque "decompression bomb" (bomba de descompresión). • http://libpng.sourceforge.net/ADVISORY-1.4.1.html http://libpng.sourceforge.net/decompression_bombs.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html http:/ • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 249EXPL: 0CVE-2009-2042 – libpng: Interlaced Images Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2009-2042
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. libpng anteriores a v1.2.37 no parsea adecuadamente 1-bit de imágenes entrelazadas con valores de ancho que no son divisibles por 8, lo que produce que libpng incluya bits sin inicializar en ciertas filas del fichero PNG lo que permitiría atacantes remotos leer trozos de memoria sensible a través de "pixeles fuera de rango" en el fichero. • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://secunia.com/advisories/35346 http://secunia.com/advisories/35470 http://secunia.com/advisories/35524 http://secunia.com/advisories/35594 http://secunia.com/advisories/39206 http://secunia.com/advisories&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 7%CPEs: 15EXPL: 0CVE-2009-0040 – libpng arbitrary free() flaw
https://notcve.org/view.php?id=CVE-2009-0040
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. La libreria de referencia PNG (tambien conocida como libpng) anterior a v1.0.43, y v1.2.x anteriores a 1.2.35, utilizado en pngcrush y otras aplicaciones, lo que permite a atacantes dependientes de contexto producir una denegacion de servicio (caida de aplicacion) o posiblemente ejecutar codigo a traves de de un fichero PNG manipulado que inicia un puntero sin inicializar en (1) la funcion png_read_png, (2) manejador pCAL, o (3) instalacion de tablas de gamma de 16-bit. • ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg000 • CWE-824: Access of Uninitialized Pointer •