CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 1CVE-2008-3964
https://notcve.org/view.php?id=CVE-2008-3964
Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c. Múltiples desbordamientos de entero en libpng versiones anteriores a 1.2.32beta01, y 1.4 versiones anteriores a 1.4.0beta34, permiten a atacantes dependientes de contexto provocar una denegación de servicio (caída) o tener otros impactos desconocidos a través de una imagen PNG con fragmentos zTXt manipulados, relacionado con (1) la función png_push_read_zTXt en pngread.c, y posiblemente relacionado con (2) pngtest.c. • http://secunia.com/advisories/31781 http://secunia.com/advisories/33137 http://secunia.com/advisories/35302 http://secunia.com/advisories/35386 http://security.gentoo.org/glsa/glsa-200812-15.xml http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com&forum_name=png-mng-implement http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517 http://sourceforge.net/project/shownotes.php?release_id=624518 http://sourceforge.net/tracker& • CWE-193: Off-by-one Error •
CVSS: 7.5EPSS: 3%CPEs: 310EXPL: 0CVE-2008-1382 – libpng unknown chunk handling flaw
https://notcve.org/view.php?id=CVE-2008-1382
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. libpng versions de la 1.0.6 hasta la 1.0.32, 1.2.0 hasta la 1.2.26 y 1.4.0beta01 hasta la 1.4.0beta19, permiten a atacantes dependientes del contexto provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de un archivo PNG con fragmentos desconocidos de longitud cero, lo que dispara un acceso de memoria no inicializada. • http://libpng.sourceforge.net/Advisory-1.2.26.txt http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://secunia.com/advisories/29678 http://secunia.com/advisories/29792 http://secunia.com/advisories/29957 http://secunia.com/advisories/29992 http://secunia.com/advisories/30009 http://secunia.com/advisories/301 • CWE-189: Numeric Errors •