25 matches found
EUVD-2015-7601
Malware in sbrugna...
SUSE CVE-2015-7700
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors...
Fedora 33 : pngcheck (2020-f3a397cbf8)
"Previous fix for buffer overrun printing the contents of the sPLT chunk in certain malformed inputs RHBZ1905775 was incomplete; it should be properly fixed now. ---- Security fix for multiple buffer overflows from crafted file input RHBZ1902786,1902806,1902810: no CVE yet assigned, and for buffe...
Fedora 32 : pngcheck (2020-daffd78c3d)
"Previous fix for buffer overrun printing the contents of the sPLT chunk in certain malformed inputs RHBZ1905775 was incomplete; it should be properly fixed now. ---- Security fix for multiple buffer overflows from crafted file input RHBZ1902786,1902806,1902810: no CVE yet assigned, and for buffe...
Denial Of Service (DoS)
libpng is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the sPLT chunk handling code in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was opened...
CVE-2015-7700
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors...
pngcrush double release vulnerability
pngcrush is a set of PNG image compression tools. The tool supports batch compression of images in PNG format. A double release vulnerability exists in the png.c file and sPLT chunk structure in versions of pngcrush prior to 1.7.87. No detailed vulnerability details are provided at this time...
UBUNTU-CVE-2015-7700
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors...
Double free
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors...
CVE-2015-7700
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors...
CVE-2015-7700
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors...
DEBIAN-CVE-2015-7700
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors...
CVE-2015-7700
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors...
CVE-2015-7700
CVE-2015-7700 affects pngcrush before v1.7.87, with a double-free in the sPLT chunk structure and in png.c. The issue is described across multiple sources as allowing unspecified impact via unknown vectors. Public details identify the vulnerable component as pngcrush’s parsing/handling of sPLT an...
CVE-2015-7700
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors...
CVE-2015-7700
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors...
Amazon Linux AMI : pngcrush (ALAS-2016-646)
A double-free bug was discovered in pngcrush's handling of the sPLT chunk. A malicious PNG could crash the pngcrush process. CVE-2015-7700 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2016-646...
Low: pngcrush
Issue Overview: A double-free bug was discovered in pngcrush's handling of the sPLT chunk. A malicious PNG could crash the pngcrush process. CVE-2015-7700 Affected Packages: pngcrush Issue Correction: Run yum update pngcrush or yum update --advisory ALAS-2016-646 to update your system. New...
Internet Bug Bounty: pngcrush double-free/segfault could result in DoS (CVE-2015-7700)
All versions of pngcrush pmt.sourceforge.net/pngcrush prior to version 1.7.87 have a double-free segfault that can be triggered by reading a valid PNG file that contains the sPLT chunk. This bug has been fixed in 1.7.87 by the project maintainer. Persuading someone to run pngcrush with a valid PN...
SuSE 10 Security Update : libpng (ZYPP Patch Number 2325)
The sPLT chunk handling in libpng was incorrect and a handcrafted PNG file could be use to cause an out-of-bounds read, effectively crashing the PNG viewer or webbrowser. CVE-2006-5793 Additionally a 2 byte stackoverflow was fixed which we do not believe to be exploitable. It will cause an abort ...