Filtered by vendor Libpng
Subscribe
Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2042 | 1 Libpng | 1 Libpng | 2017-08-17 | 4.3 MEDIUM | N/A |
| libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. | |||||
| CVE-2015-7981 | 4 Canonical, Debian, Libpng and 1 more | 10 Ubuntu Linux, Debian Linux, Libpng and 7 more | 2017-07-01 | 5.0 MEDIUM | N/A |
| The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. | |||||
| CVE-2013-7354 | 1 Libpng | 1 Libpng | 2016-12-31 | 5.0 MEDIUM | N/A |
| Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. | |||||
| CVE-2013-7353 | 1 Libpng | 1 Libpng | 2016-12-31 | 5.0 MEDIUM | N/A |
| Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. | |||||
| CVE-2014-9495 | 2 Apple, Libpng | 2 Mac Os X, Libpng | 2016-10-18 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image. | |||||
| CVE-2014-0333 | 1 Libpng | 1 Libpng | 2014-03-26 | 5.0 MEDIUM | N/A |
| The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero. | |||||
| CVE-2011-3464 | 1 Libpng | 1 Libpng | 2012-07-23 | 7.5 HIGH | N/A |
| Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow. | |||||