Page 6 of 33 results (0.055 seconds)

CVSS: 7.1EPSS: 1%CPEs: 243EXPL: 0

Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. Fuga de memoria en la función png_handle_tEXt en pngrutil.c en libpng anterior a v1.2.33 rc02 y v1.4.0 beta36 que permite a atacantes dependientes de contexto producir una denegacion de servicio (agotamiento de memoria) a traves de un fichero PNG manipulado. • http://secunia.com/advisories/32418 http://secunia.com/advisories/34265 http://secunia.com/advisories/34320 http://secunia.com/advisories/34388 http://security.gentoo.org/glsa/glsa-200903-28.xml http://sourceforge.net/project/shownotes.php?release_id=635463&group_id=5624 http://sourceforge.net/project/shownotes.php?release_id=635837 http://wiki.rpath.com/Advisories:rPSA-2009-0046 http://www.debian.org/security/2009/dsa-1750 http://www.mandriva.com/security/advisories?name=MDVSA-2 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability. La funcion png_check_keyword en pngwutil.c en libpng anteriores a v1.0.42, v1.2.x anterior a v1.2.34, permitiría atacantes dependientes de contexto poner a cero el valor de una localización de memoria de su elección a través de vectores relacionados con la creación de ficheros PNG con palabras clave, relacionado con la asignación del valor '\0' a un puntero NULL. NOTA: Algunas fuentes informan incorrectamente que se trata de una vulnerabilidad de doble liberación. • http://libpng.sourceforge.net/index.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://openwall.com/lists/oss-security/2009/01/09/1 http://secunia.com/advisories/34320 http://secunia.com/advisories/34388 http://security.gentoo.org/glsa/glsa-200903-28.xml http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local&forum_name=png-mng-implement http://www.debian.org/security/2009/dsa-1750 http://www&# •

CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 1

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c. Múltiples desbordamientos de entero en libpng versiones anteriores a 1.2.32beta01, y 1.4 versiones anteriores a 1.4.0beta34, permiten a atacantes dependientes de contexto provocar una denegación de servicio (caída) o tener otros impactos desconocidos a través de una imagen PNG con fragmentos zTXt manipulados, relacionado con (1) la función png_push_read_zTXt en pngread.c, y posiblemente relacionado con (2) pngtest.c. • http://secunia.com/advisories/31781 http://secunia.com/advisories/33137 http://secunia.com/advisories/35302 http://secunia.com/advisories/35386 http://security.gentoo.org/glsa/glsa-200812-15.xml http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com&forum_name=png-mng-implement http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517 http://sourceforge.net/project/shownotes.php?release_id=624518 http://sourceforge.net/tracker& • CWE-193: Off-by-one Error •

CVSS: 7.5EPSS: 3%CPEs: 310EXPL: 0

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. libpng versions de la 1.0.6 hasta la 1.0.32, 1.2.0 hasta la 1.2.26 y 1.4.0beta01 hasta la 1.4.0beta19, permiten a atacantes dependientes del contexto provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de un archivo PNG con fragmentos desconocidos de longitud cero, lo que dispara un acceso de memoria no inicializada. • http://libpng.sourceforge.net/Advisory-1.2.26.txt http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://secunia.com/advisories/29678 http://secunia.com/advisories/29792 http://secunia.com/advisories/29957 http://secunia.com/advisories/29992 http://secunia.com/advisories/30009 http://secunia.com/advisories/301 • CWE-189: Numeric Errors •

CVSS: 5.0EPSS: 30%CPEs: 2EXPL: 0

Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations. Determinados manejadores de fragmentos en libpng anterior a 1.0.29 y 1.2.x anterior a 1.2.21 permiten a atacantes remotos provocar una denegación de servicio (caída) mediante fragmentación manipulada (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), y (5) ztXT (png_handle_ztXt) en imágenes PNG, lo cual dispara operaciones de lectura fuera de límite. • http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html http://bugs.gentoo.org/show_bug.cgi?id=195261 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html http://lists.vmware.com/pipermail/security-announce/2008/000008.html http:/ • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •