CVE-2017-8400

In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function pngload in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution...

pngdefry 'pngdefry.c' heap buffer overflow vulnerability

pngdefry is a suite of applications for iPhone and iPad to modify PNG images. A heap buffer overflow vulnerability exists in pngdefry 2017-03-22 and earlier versions. Due to the program failing to properly handle specially crafted png files. An attacker could exploit the vulnerability to cause a...

The vulnerability of the console-based graphic editor ImageMagick, which allows a hacker to trigger a service failure

The vulnerability of the SpliceImage function in the console-based image editing tool ImageMagick is related to reading beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure application termination by using a specially created PNG file...

OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)

It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory...

OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)

It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory...

[SECURITY] Fedora 25 Update: libpng-1.6.27-1.fc25

The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...

The vulnerability of the libpng library, which allows a hacker to cause a service failure or exert other effects

The vulnerability of the pngsetPLTE function in the libpng library arises due to buffer overflow. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service interruptions or other effects such as the termination of an application by using a specially crafted PNG ima...

The vulnerability of the libpng library, which allows a hacker to cause a service failure

The vulnerability of the pngPushReadzTXt function in the libpng library is caused by buffer overflow. Exploiting this vulnerability could allow an attacker to trigger a service failure memory out-of-bound reading by setting a high value in the availin field of a PNG image...

The vulnerability of the libpng library, which allows a hacker to execute arbitrary code

The vulnerability of the pngcombinerow function in the libpng library arises due to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted PNG file...

The vulnerability of the Linter Bastion database management system allows a malicious individual to execute arbitrary code.

Exploiting vulnerabilities in the libpng library version 1.0.6 allows a malicious individual to execute arbitrary code using an improperly created PNG file...

ImageMagick: Crash due to out of bounds error in SpliceImage

The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service application crash via a crafted png file...

DEBIAN-CVE-2015-7801

Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file...

VulnCheck KEV: CVE-2013-1331

Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document...

PhotoLab Processing PNG Images Memory Corruption Vulnerability

PhotoLab is a Image Processing software developed by SELTECO Corporation company. A memory corruption vulnerability exists in the processing of PNG images. Allowing an attacker to exploit this vulnerability to construct a malformed PNG image can cause the program to crash; if successfully...

libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions

It was discovered that the pnggetPLTE and pngsetPLTE functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer...

libpng: Out-of-bounds read in png_convert_to_rfc1123

An array-indexing error was discovered in the pngconverttorfc1123 function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image...

Vulnerabilities in the libpng library, which allow a hacker to trigger a service failure

The multiple vulnerabilities in the pngsetPLTE and pnggetPLTE functions of the libpng library are caused by buffer overflows. Exploiting these vulnerabilities could allow an attacker to cause a service failure by inserting the IHDR header into a PNG image...

[SECURITY] Fedora 22 Update: libpng10-1.0.66-1.fc22

The libpng10 package contains an old version of libpng, a library of functi ons for creating and manipulating PNG Portable Network Graphics image format files. This package is needed if you want to run binaries that were linked dynamic ally with libpng 1.0.x...

UBUNTU-CVE-2015-8897

The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service application crash via a crafted png file...

libpng security update

CentOS Errata and Security Advisory CESA-2015:2596 Updated libpng packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...