Lucene search
K

16 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in grub2

A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may exploit this to cause heap data corruption or, ultimately, arbitrary code execution and circumvent secure boot protections. This issue is highly complex to exploit; an attacker needs to perfo...

4.5CVSS7.3AI score0.00462EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2023/10/05 7:0 a.m.1 views

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.

...

4.5CVSS6.5AI score0.00462EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/07/20 12:0 a.m.98 views

Amazon Linux 2 : grub2 (ALAS-2023-2146)

The version of grub2 installed on the remote host is prior to 2.06-14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2146 advisory. A flaw was found in grub 2, where a crafted 16-bit grayscale PNG image may lead to an out-of-bounds write. This flaw allows ...

8.6CVSS7.4AI score0.01284EPSS
Exploits0References20
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.1 views

SUSE CVE-2007-2445

The pnghandletRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service application crash via a grayscale PNG image with a bad tRNS chunk CRC value...

5CVSS6.8AI score0.05115EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:41 a.m.2 views

SUSE CVE-2013-0792

Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.colormanagement.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service memory corruption via a...

4.3CVSS8.5AI score0.01382EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2022/07/14 12:0 a.m.41 views

Oracle Linux 9 : grub2 (ELSA-2022-9596)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9596 advisory. - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 Tenable has extracted the preceding descripti...

8.1CVSS6.6AI score0.01284EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2022/06/14 12:0 a.m.34 views

SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2022:2064-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2064-1 advisory. - A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may tak...

8.1CVSS7.3AI score0.01284EPSS
Exploits0References25
Mozilla
Mozilla
added 2013/04/02 12:0 a.m.37 views

Memory corruption while rendering grayscale PNG images — Mozilla

Mozilla community member Tobias Schula reported that if gfx.colormanagement.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image...

4.3CVSS6.1AI score0.01382EPSS
Exploits0References2Affected Software2
OpenVAS
OpenVAS
added 2009/03/23 12:0 a.m.25 views

Ubuntu Update for libpng vulnerability USN-472-1

Ubuntu Update for Linux kernel vulnerabilities USN-472-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4721.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for libpng vulnerability USN-472-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

5CVSS0.4AI score0.05115EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2007/06/12 12:43 a.m.92 views

USN-472-1: libpng vulnerability

It was discovered that libpng did not correctly handle corrupted CRC in grayscale PNG images. By tricking a user into opening a specially crafted PNG, a remote attacker could cause the application using libpng to crash, resulting in a denial of service...

5CVSS5.3AI score0.05115EPSS
Exploits1
Prion
Prion
added 2007/05/16 10:30 p.m.27 views

Code injection

The pnghandletRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service application crash via a grayscale PNG image with a bad tRNS chunk CRC value...

5CVSS8.7AI score0.05115EPSS
Exploits1References51Affected Software1
NVD
NVD
added 2007/05/16 10:30 p.m.26 views

CVE-2007-2445

The pnghandletRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service application crash via a grayscale PNG image with a bad tRNS chunk CRC value...

5CVSS6.3AI score0.05115EPSS
Exploits1References51
OSV
OSV
added 2007/05/16 10:30 p.m.6 views

CVE-2007-2445

The pnghandletRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service application crash via a grayscale PNG image with a bad tRNS chunk CRC value...

6.3AI score
Exploits0References52
Cvelist
Cvelist
added 2007/05/16 10:0 p.m.34 views

CVE-2007-2445

The pnghandletRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service application crash via a grayscale PNG image with a bad tRNS chunk CRC value...

9AI score0.05115EPSS
Exploits1References51
ALT Linux
ALT Linux
added 2007/05/16 12:0 a.m.58 views

Security fix for the ALT Linux 5 package libpng version 1.2.13-alt3

May 16, 2007 Dmitry V. Levin 1.2.13-alt3 - Imported upstream fix for pnghandletRNS bug CVE-2007-2445: a grayscale PNG image with a malformed tRNS chunk may crash some libpng applications...

5CVSS9.4AI score0.05115EPSS
Exploits1
ALT Linux
ALT Linux
added 2007/05/16 12:0 a.m.39 views

Security fix for the ALT Linux 6 package libpng version 1.2.13-alt3

May 16, 2007 Dmitry V. Levin 1.2.13-alt3 - Imported upstream fix for pnghandletRNS bug CVE-2007-2445: a grayscale PNG image with a malformed tRNS chunk may crash some libpng applications...

5CVSS9.4AI score0.05115EPSS
Exploits1
Rows per page
Query Builder