66 matches found
Azure Linux 3.0 Security Update: fltk / teckit (CVE-2015-2158)
The version of fltk / teckit installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2015-2158 advisory. - Off-by-one error in the pngcrushmeasureidat function in pngcrush.c in pngcrush before 1.7.84 allows...
EUVD-2019-0291
Malware in sbrugna...
EUVD-2015-2267
Malware in sbrugna...
EUVD-2015-7601
Malware in sbrugna...
Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service
...
OPENSUSE-SU-2024:10351-1 pngcrush-1.7.92-1.5 on GA media
These are all security issues fixed in the pngcrush-1.7.92-1.5 package on the GA media of openSUSE Tumbleweed...
RHEL 7 : pngcrush (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pngcrush: double-free in sPLT and png.c file CVE-2015-7700 Note that Nessus has not tested for this issue but has...
Ubuntu 16.04 ESM : pngcrush vulnerability (USN-5236-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5236-1 advisory. Brian Carpenter discovered that pngcrush incorrectly handled specially crafted file. An attacker could possibly use this issue to cause a denial of service. Tenab...
SUSE CVE-2015-7700
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors...
Ubuntu: Security Advisory (USN-5236-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2015-0101)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5236-1: pngcrush vulnerability
Brian Carpenter discovered that pngcrush incorrectly handled specially crafted file. An attacker could possibly use this issue to cause a denial of service...
USN-5236-1 A security issue was fixed in pngcrush
Brian Carpenter discovered that pngcrush incorrectly handled specially crafted file. An attacker could possibly use this issue to cause a denial of service...
GHSA-G93H-75M9-3QQ4 pngcrush-installer downloads Resources over HTTP
Affected versions of pngcrush-installer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...
pngcrush-installer downloads Resources over HTTP
Affected versions of pngcrush-installer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...
pngcrush-installer code execution vulnerability
pngcrush-installer is the installer for pngcrush. A security vulnerability exists in versions of pngcrush-installer prior to 1.8.10 that originates when the program downloads binary resources over the HTTP protocol. A remote attacker can exploit the vulnerability by replacing the requested binary...
CVE-2016-10570
pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary ...
CVE-2016-10570
pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary ...
Remote code execution
pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary ...
CVE-2016-10570
The CVE-2016-10570 entry concerns pngcrush-installer, the installer for Pngcrush. The vulnerability arises in versions below 1.8.10 that download binary resources over HTTP. This insecure download path enables an attacker with network access or a privileged network position to perform a MITM inte...