Page 8 of 46 results (0.013 seconds)

CVSS: 4.3EPSS: 0%CPEs: 249EXPL: 0

libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. libpng anteriores a v1.2.37 no parsea adecuadamente 1-bit de imágenes entrelazadas con valores de ancho que no son divisibles por 8, lo que produce que libpng incluya bits sin inicializar en ciertas filas del fichero PNG lo que permitiría atacantes remotos leer trozos de memoria sensible a través de "pixeles fuera de rango" en el fichero. • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://secunia.com/advisories/35346 http://secunia.com/advisories/35470 http://secunia.com/advisories/35524 http://secunia.com/advisories/35594 http://secunia.com/advisories/39206 http://secunia.com/advisories&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 7%CPEs: 15EXPL: 0

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. La libreria de referencia PNG (tambien conocida como libpng) anterior a v1.0.43, y v1.2.x anteriores a 1.2.35, utilizado en pngcrush y otras aplicaciones, lo que permite a atacantes dependientes de contexto producir una denegacion de servicio (caida de aplicacion) o posiblemente ejecutar codigo a traves de de un fichero PNG manipulado que inicia un puntero sin inicializar en (1) la funcion png_read_png, (2) manejador pCAL, o (3) instalacion de tablas de gamma de 16-bit. • ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg000 • CWE-824: Access of Uninitialized Pointer •

CVSS: 7.1EPSS: 1%CPEs: 243EXPL: 0

Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. Fuga de memoria en la función png_handle_tEXt en pngrutil.c en libpng anterior a v1.2.33 rc02 y v1.4.0 beta36 que permite a atacantes dependientes de contexto producir una denegacion de servicio (agotamiento de memoria) a traves de un fichero PNG manipulado. • http://secunia.com/advisories/32418 http://secunia.com/advisories/34265 http://secunia.com/advisories/34320 http://secunia.com/advisories/34388 http://security.gentoo.org/glsa/glsa-200903-28.xml http://sourceforge.net/project/shownotes.php?release_id=635463&group_id=5624 http://sourceforge.net/project/shownotes.php?release_id=635837 http://wiki.rpath.com/Advisories:rPSA-2009-0046 http://www.debian.org/security/2009/dsa-1750 http://www.mandriva.com/security/advisories?name=MDVSA-2 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability. La funcion png_check_keyword en pngwutil.c en libpng anteriores a v1.0.42, v1.2.x anterior a v1.2.34, permitiría atacantes dependientes de contexto poner a cero el valor de una localización de memoria de su elección a través de vectores relacionados con la creación de ficheros PNG con palabras clave, relacionado con la asignación del valor '\0' a un puntero NULL. NOTA: Algunas fuentes informan incorrectamente que se trata de una vulnerabilidad de doble liberación. • http://libpng.sourceforge.net/index.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://openwall.com/lists/oss-security/2009/01/09/1 http://secunia.com/advisories/34320 http://secunia.com/advisories/34388 http://security.gentoo.org/glsa/glsa-200903-28.xml http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local&forum_name=png-mng-implement http://www.debian.org/security/2009/dsa-1750 http://www&# •

CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 1

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c. Múltiples desbordamientos de entero en libpng versiones anteriores a 1.2.32beta01, y 1.4 versiones anteriores a 1.4.0beta34, permiten a atacantes dependientes de contexto provocar una denegación de servicio (caída) o tener otros impactos desconocidos a través de una imagen PNG con fragmentos zTXt manipulados, relacionado con (1) la función png_push_read_zTXt en pngread.c, y posiblemente relacionado con (2) pngtest.c. • http://secunia.com/advisories/31781 http://secunia.com/advisories/33137 http://secunia.com/advisories/35302 http://secunia.com/advisories/35386 http://security.gentoo.org/glsa/glsa-200812-15.xml http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com&forum_name=png-mng-implement http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517 http://sourceforge.net/project/shownotes.php?release_id=624518 http://sourceforge.net/tracker& • CWE-193: Off-by-one Error •