CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-12652 – libpng: does not check length of chunks against user limit
https://notcve.org/view.php?id=CVE-2017-12652
10 Jul 2019 — libpng before 1.6.32 does not properly check the length of chunks against the user limit. En libpng anterior a versión 1.6.32, no comprueba apropiadamente la longitud de fragmentos en comparación con el límite del usuario. It was discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possible execute a... • http://www.securityfocus.com/bid/109269 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 252EXPL: 0CVE-2016-10087 – Ubuntu Security Notice USN-3712-2
https://notcve.org/view.php?id=CVE-2016-10087
31 Dec 2016 — The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure. La función png_set_text_2 en libpng 0.71 en versiones anteriores a 1.0.67, 1.2.x en versiones anteriores a 1.2.57, 1.4.x en versiones anteriores a 1.4.20, 1.5.x en... • http://www.openwall.com/lists/oss-security/2016/12/29/2 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2016-3751
https://notcve.org/view.php?id=CVE-2016-3751
11 Jul 2016 — Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085. Vulnerabilidad no especificada en libpng en versiones anteriores a 1.6.20, como es usado en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones ante... • http://source.android.com/security/bulletin/2016-07-01.html •
CVSS: 9.3EPSS: 2%CPEs: 198EXPL: 0CVE-2015-8540 – libpng: underflow read in png_check_keyword()
https://notcve.org/view.php?id=CVE-2015-8540
18 Dec 2015 — Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. Desbordamiento inferior de entero en la función png_check_keyword en pngwutil.c en libpng 0.90 hasta la versión 0.99, 1.0.x en versiones anteriores a 1.0.66, 1.1.x y 1.2.... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html • CWE-125: Out-of-bounds Read CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 2%CPEs: 158EXPL: 1CVE-2015-7981 – libpng: Out-of-bounds read in png_convert_to_rfc1123
https://notcve.org/view.php?id=CVE-2015-7981
19 Nov 2015 — The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. La función png_convert_to_rfc1123 en png.c en libpng 1.0.x en versiones anteriores a 1.0.64, 1.2.x en versiones anteriores a 1.2.54 y 1.4.x en versiones anteriores a 1.4.17 permite a atacantes remotos obtener información sensible de la ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.7EPSS: 2%CPEs: 62EXPL: 0CVE-2015-8126 – libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
https://notcve.org/view.php?id=CVE-2015-8126
13 Nov 2015 — Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. Múltiples desbordamientos de buffer en las funciones (1) png_set_PLTE y (2) png_get_PLTE en libpng en ver... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 32EXPL: 3CVE-2015-0973 – Apple Security Advisory 2016-03-21-5
https://notcve.org/view.php?id=CVE-2015-0973
18 Jan 2015 — Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. Desbordamiento de buffer en la función png_read_IDAT_data en pngrutil.c en libpng anterior a 1.5.21 y 1.6.x anterior a 1.6.16 permite a atacantes dependientes de contexto ejecutar código arbitrario a través de datos IDAT con una anchura grande, una vulnerabi... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 31EXPL: 0CVE-2014-9495 – Mandriva Linux Security Advisory 2015-090
https://notcve.org/view.php?id=CVE-2014-9495
10 Jan 2015 — Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image. Desbordamiento de buffer basado en memoria dinámica en la función png_combine_row en libpng en versiones anteriores a 1.5.21 y 1.6.x en versiones anteriores a 1.6.16, cuando se ejecuta en sistemas de 64 bits, podría permitir a atacantes dependientes del contexto eje... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2013-7353 – Mandriva Linux Security Advisory 2014-084
https://notcve.org/view.php?id=CVE-2013-7353
06 May 2014 — Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. Desbordamiento de enteros en la función png_set_unknown_chunks en libpng/pngset.c en libpng anterior a 1.5.14beta08 permite a atacantes dependientes de contexto causar una denegación de servicio (fallo de segmentación y caída) a través de un imag... • http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2013-7354 – Mandriva Linux Security Advisory 2014-084
https://notcve.org/view.php?id=CVE-2013-7354
06 May 2014 — Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. Múltiples desbordamientos de enteros en libpng anterior a 1.5.14rc03 permiten a atacantes remotos causar una denegación de servicio (caída) a través de un imagen manipulado hacia la función (1) png_set_sPLT o (2) png_set_text_2, lo que provoca un desbordamiento de buffer basa... • http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html • CWE-189: Numeric Errors •