
CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 2

24 Aug 2022 — A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. • https://access.redhat.com/security/cve/CVE-2021-4214 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

23 Aug 2022 — A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0 (5 patches applied) via a crafted png file. Multiple security issues were discovered in pngcheck, a tool to verify the integrity of PNG, JNG and MNG files, which could potentially result in the execution of arbitrary code. • http://www.libpng.org/pub/png/apps/pngcheck.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-126: Buffer Over-read

CVSS: 4.3 | EPSS: 0% | CPEs: 8 | EXPL: 1

08 Dec 2020 — A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability. It was ... • https://github.com/13m0n4de/pngcheck-vulns • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-125: Out-of-bounds Read

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

10 Jul 2019 — libpng before 1.6.32 does not properly check the length of chunks against the user limit. It was discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possible execute a... • http://www.securityfocus.com/bid/109269 • CWE-20: Improper Input Validation

CVSS: 8.8 | EPSS: 2% | CPEs: 5 | EXPL: 2

18 Apr 2019 — An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png. Multiple vulnerabilities have been found in libpng, the worst of which could result in a Denial of Service condition. • https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token • CWE-787: Out-of-bounds Write

CVSS: 5.3 | EPSS: 0% | CPEs: 57 | EXPL: 1

04 Feb 2019 — png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker ... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html • CWE-400: Uncontrolled Resource Consumption; CWE-416: Use After Free

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

11 Jan 2019 — ** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer." • https://github.com/glennrp/libpng/issues/269 • CWE-401: Missing Release of Memory after Effective Lifetime

CVSS: 6.5 | EPSS: 0% | CPEs: 9 | EXPL: 2

13 Jul 2018 — An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. It was discovered that libpng incorrectly handled memory when parsing certain PNG files. • http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html

CVSS: 6.5 | EPSS: 2% | CPEs: 19 | EXPL: 0

09 Jul 2018 — In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html • CWE-190: Integer Overflow or Wraparound; CWE-369: Divide By Zero

CVSS: 7.5 | EPSS: 2% | CPEs: 252 | EXPL: 0

31 Dec 2016 — The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure. • http://www.openwall.com/lists/oss-security/2016/12/29/2 • CWE-476: NULL Pointer Dereference