CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 2CVE-2021-4214
https://notcve.org/view.php?id=CVE-2021-4214
24 Aug 2022 — A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. Se ha encontrado un fallo de desbordamiento de la pila en el programa pngimage.c de libpngs. Este fallo permite a un atacante con acceso a la red local pasar un archivo PNG especialmente diseñado a la utilidad pngimage, causando un fallo en la aplicación, conllevando... • https://access.redhat.com/security/cve/CVE-2021-4214 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-12652 – libpng: does not check length of chunks against user limit
https://notcve.org/view.php?id=CVE-2017-12652
10 Jul 2019 — libpng before 1.6.32 does not properly check the length of chunks against the user limit. En libpng anterior a versión 1.6.32, no comprueba apropiadamente la longitud de fragmentos en comparación con el límite del usuario. It was discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possible execute a... • http://www.securityfocus.com/bid/109269 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 57EXPL: 1CVE-2019-7317 – libpng: use-after-free in png_image_free in png.c
https://notcve.org/view.php?id=CVE-2019-7317
04 Feb 2019 — png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. La función png_image_free en el archivo png.c en libpng versiones 1.6.x anteriores a 1.6.37, presenta un uso de la memoria previamente liberada porque la función png_image_free_function es llamada bajo png_safe_execute. It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker ... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •
CVSS: 7.5EPSS: 2%CPEs: 252EXPL: 0CVE-2016-10087 – Ubuntu Security Notice USN-3712-2
https://notcve.org/view.php?id=CVE-2016-10087
31 Dec 2016 — The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure. La función png_set_text_2 en libpng 0.71 en versiones anteriores a 1.0.67, 1.2.x en versiones anteriores a 1.2.57, 1.4.x en versiones anteriores a 1.4.20, 1.5.x en... • http://www.openwall.com/lists/oss-security/2016/12/29/2 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2016-3751
https://notcve.org/view.php?id=CVE-2016-3751
11 Jul 2016 — Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085. Vulnerabilidad no especificada en libpng en versiones anteriores a 1.6.20, como es usado en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones ante... • http://source.android.com/security/bulletin/2016-07-01.html •
CVSS: 9.3EPSS: 17%CPEs: 198EXPL: 0CVE-2015-8540 – libpng: underflow read in png_check_keyword()
https://notcve.org/view.php?id=CVE-2015-8540
18 Dec 2015 — Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. Desbordamiento inferior de entero en la función png_check_keyword en pngwutil.c en libpng 0.90 hasta la versión 0.99, 1.0.x en versiones anteriores a 1.0.66, 1.1.x y 1.2.... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html • CWE-125: Out-of-bounds Read CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 7%CPEs: 114EXPL: 0CVE-2015-8472 – libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
https://notcve.org/view.php?id=CVE-2015-8472
10 Dec 2015 — Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. Desbordamiento de buffer en la función png_set_PLTE en libpng e... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 1%CPEs: 158EXPL: 1CVE-2015-7981 – libpng: Out-of-bounds read in png_convert_to_rfc1123
https://notcve.org/view.php?id=CVE-2015-7981
19 Nov 2015 — The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. La función png_convert_to_rfc1123 en png.c en libpng 1.0.x en versiones anteriores a 1.0.64, 1.2.x en versiones anteriores a 1.2.54 y 1.4.x en versiones anteriores a 1.4.17 permite a atacantes remotos obtener información sensible de la ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.7EPSS: 7%CPEs: 62EXPL: 0CVE-2015-8126 – libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
https://notcve.org/view.php?id=CVE-2015-8126
13 Nov 2015 — Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. Múltiples desbordamientos de buffer en las funciones (1) png_set_PLTE y (2) png_get_PLTE en libpng en ver... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 32EXPL: 3CVE-2015-0973 – Apple Security Advisory 2016-03-21-5
https://notcve.org/view.php?id=CVE-2015-0973
18 Jan 2015 — Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. Desbordamiento de buffer en la función png_read_IDAT_data en pngrutil.c en libpng anterior a 1.5.21 y 1.6.x anterior a 1.6.16 permite a atacantes dependientes de contexto ejecutar código arbitrario a través de datos IDAT con una anchura grande, una vulnerabi... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •