16 matches found
Astra Linux – Vulnerability in grub2
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may exploit this to cause heap data corruption or, ultimately, arbitrary code execution and circumvent secure boot protections. This issue is highly complex to exploit; an attacker needs to perfo...
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.
...
Amazon Linux 2 : grub2 (ALAS-2023-2146)
The version of grub2 installed on the remote host is prior to 2.06-14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2146 advisory. A flaw was found in grub 2, where a crafted 16-bit grayscale PNG image may lead to an out-of-bounds write. This flaw allows ...
SUSE CVE-2007-2445
The pnghandletRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service application crash via a grayscale PNG image with a bad tRNS chunk CRC value...
SUSE CVE-2013-0792
Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.colormanagement.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service memory corruption via a...
Oracle Linux 9 : grub2 (ELSA-2022-9596)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9596 advisory. - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 Tenable has extracted the preceding descripti...
SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2022:2064-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2064-1 advisory. - A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may tak...
Memory corruption while rendering grayscale PNG images — Mozilla
Mozilla community member Tobias Schula reported that if gfx.colormanagement.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image...
Ubuntu Update for libpng vulnerability USN-472-1
Ubuntu Update for Linux kernel vulnerabilities USN-472-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4721.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for libpng vulnerability USN-472-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
USN-472-1: libpng vulnerability
It was discovered that libpng did not correctly handle corrupted CRC in grayscale PNG images. By tricking a user into opening a specially crafted PNG, a remote attacker could cause the application using libpng to crash, resulting in a denial of service...
Code injection
The pnghandletRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service application crash via a grayscale PNG image with a bad tRNS chunk CRC value...
CVE-2007-2445
The pnghandletRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service application crash via a grayscale PNG image with a bad tRNS chunk CRC value...
CVE-2007-2445
The pnghandletRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service application crash via a grayscale PNG image with a bad tRNS chunk CRC value...
CVE-2007-2445
The pnghandletRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service application crash via a grayscale PNG image with a bad tRNS chunk CRC value...
Security fix for the ALT Linux 5 package libpng version 1.2.13-alt3
May 16, 2007 Dmitry V. Levin 1.2.13-alt3 - Imported upstream fix for pnghandletRNS bug CVE-2007-2445: a grayscale PNG image with a malformed tRNS chunk may crash some libpng applications...
Security fix for the ALT Linux 6 package libpng version 1.2.13-alt3
May 16, 2007 Dmitry V. Levin 1.2.13-alt3 - Imported upstream fix for pnghandletRNS bug CVE-2007-2445: a grayscale PNG image with a malformed tRNS chunk may crash some libpng applications...