ALPINE-CVE-2019-13108

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service SIGSEGV via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset...

USN-3936-1 advancecomp vulnerability

It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code...

Memory Corruption Vulnerability in Photo Lab's Processing of png Images

Photo Lab is a foreign photo viewing tool. Photo Lab suffers from a memory corruption vulnerability in the handling of png images, which can be exploited by an attacker to cause the program to crash and execute arbitrary code by constructing a malformed png image...

DEBIAN-CVE-2019-7317

pngimagefree in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because pngimagefreefunction is called under pngsafeexecute...

ok-file-formats buffer overflow vulnerability

ok-file-formats is a decoder for files in PNG, JPEG and WAV formats. ok-file-formats A buffer overflow vulnerability exists in the 'okwavdecodemsadpcmdata' function of the okwav.c file in versions 2018-10-16 and earlier. An attacker could exploit this vulnerability to execute code or cause a deni...

The vulnerability of the GraphicsMagick graphic editor, related to the lack of checks for division by zero, allows a hacker to trigger a service failure.

The vulnerability of the GraphicsMagick graphic editor is related to an error that causes division by zero when reading MNG images from the png.c file. Exploiting this vulnerability can allow a remote attacker to cause the application to terminate abnormally using a specially crafted image...

libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service

In libpng 1.6.34, a wrong calculation of rowfactor in the pngcheckchunklength function pngrutil.c may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service...

libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service

In libpng 1.6.34, a wrong calculation of rowfactor in the pngcheckchunklength function pngrutil.c may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service...

LuPng Buffer Over-Read Vulnerability

LuPng is a PNG format decoder/encoder. A heap buffer over-read vulnerability exists in the 'internalPrintf' function of the miniz/lupng.c file in LuPng 2017-03-10 and earlier versions, which can be exploited by an attacker to execute arbitrary code or cause a denial of service...

USN-3785-1 imagemagick vulnerabilities

Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate...

DEBIAN-CVE-2018-16336

Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted image file, a different vulnerability than CVE-2018-10999...

PT-2018-3946 · Libpng +2 · Libpng +2

Name of the Vulnerable Software and Affected Versions: Libpng versions prior to 1.6.36 Description: The issue is related to a stack-based buffer overflow in the get token function in pnm2png.c of the libpng library, which can be exploited by a remote attacker to access sensitive data, compromise...

PYSEC-2018-129

In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file...

UBUNTU-CVE-2017-2900

An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application...

Memory Corruption Vulnerability in ApowerPDF Processing of PNG Files

ApowerPDF is a PDF editor that can be used to convert, view, create PDF files and provide users with a one-stop PDF solution. A memory corruption vulnerability exists in ApowerPDF's handling of PNG files. An attacker can cause the program to crash by constructing a malformed PNG file. Successful...

UBUNTU-CVE-2018-10177

In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file...

GraphicsMagick 'ReadOnePNGImage' Function Denial of Service Vulnerability

GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A security vulnerability exists in the 'ReadOnePNGImage' function in the coders/png.c file in GraphicsMagick version 1.3.26. An attacker can exploit this...

UBUNTU-CVE-2017-18219

An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large pngpixels array allocation...

UBUNTU-CVE-2017-17915

In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached...

UBUNTU-CVE-2017-17884

In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file...