Lucene search
K

33 matches found

Amazon
Amazon
added 2016/02/09 12:0 a.m.31 views

Low: pngcrush

Issue Overview: A double-free bug was discovered in pngcrush's handling of the sPLT chunk. A malicious PNG could crash the pngcrush process. CVE-2015-7700 Affected Packages: pngcrush Issue Correction: Run yum update pngcrush or yum update --advisory ALAS-2016-646 to update your system. New...

9.8CVSS9.6AI score0.02191EPSS
Exploits0
Hacker One
Hacker One
added 2015/10/12 8:48 p.m.28 views

Internet Bug Bounty: pngcrush double-free/segfault could result in DoS (CVE-2015-7700)

All versions of pngcrush pmt.sourceforge.net/pngcrush prior to version 1.7.87 have a double-free segfault that can be triggered by reading a valid PNG file that contains the sPLT chunk. This bug has been fixed in 1.7.87 by the project maintainer. Persuading someone to run pngcrush with a valid PN...

7.5CVSS9AI score0.02191EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/12/13 12:0 a.m.49 views

SuSE 10 Security Update : libpng (ZYPP Patch Number 2325)

The sPLT chunk handling in libpng was incorrect and a handcrafted PNG file could be use to cause an out-of-bounds read, effectively crashing the PNG viewer or webbrowser. CVE-2006-5793 Additionally a 2 byte stackoverflow was fixed which we do not believe to be exploitable. It will cause an abort ...

7.5CVSS7.7AI score0.03975EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2007/11/10 12:0 a.m.35 views

Ubuntu 5.10 / 6.06 LTS / 6.10 : libpng vulnerability (USN-383-1)

Tavis Ormandy discovered that libpng did not correctly calculate the size of sPLT structures when reading an image. By tricking a user or an automated system into processing a specially crafted PNG file, an attacker could exploit this weakness to crash the application using the library. Note that...

2.6CVSS7.7AI score0.01729EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.36 views

openSUSE 10 Security Update : libpng (libpng-2322)

The sPLT chunk handling in libpng was incorrect and a handcrafted PNG file could be use to cause an out-of-bounds read, effectively crashing the PNG viewer or webbrowser. CVE-2006-5793 Additionaly a 2 byte stackoverflow was fixed which we do not believe to be exploitable. It will cause an abort o...

7.5CVSS7.7AI score0.03975EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2007/05/17 9:45 p.m.36 views

Moderate: Red Hat Security Advisory: libpng security update

Updated libpng packages that fix security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng package contains a library of functions for creating and manipulating PNG Portable Netwo...

5CVSS7AI score0.05115EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2006/11/20 12:0 a.m.38 views

GLSA-200611-09 : libpng: Denial of Service

The remote host is affected by the vulnerability described in GLSA-200611-09 libpng: Denial of Service Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that a vulnerability exists in the sPLT chunk handling code of libpng, a large sPLT chunk may cause an application to attempt to...

2.6CVSS7.9AI score0.01729EPSS
Exploits1References2
NVD
NVD
added 2006/11/17 11:7 p.m.20 views

CVE-2006-5793

The sPLT chunk handling code pngsetsPLT function in pngset.c in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service crash via malformed sPLT chunks that trigger an out-of-bounds read...

2.6CVSS6.3AI score0.01729EPSS
Exploits1References43
Cvelist
Cvelist
added 2006/11/17 11:0 p.m.31 views

CVE-2006-5793

The sPLT chunk handling code pngsetsPLT function in pngset.c in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service crash via malformed sPLT chunks that trigger an out-of-bounds read...

9AI score0.01729EPSS
Exploits1References43
CVE
CVE
added 2006/11/17 11:0 p.m.82 views

CVE-2006-5793

Concrete details found: The issue affects libpng 1.0.6–1.2.12, due to a wrong data-type size in the sPLT chunk handling (png_set_sPLT in pngset.c). This can trigger an out-of-bounds read and crash (DoS) when processing malformed sPLT chunks. Remediation referenced in connected docs as patching li...

2.6CVSS9AI score0.01729EPSS
Exploits1References43Affected Software1
Ubuntu
Ubuntu
added 2006/11/17 8:58 a.m.72 views

USN-383-1: libpng vulnerability

Tavis Ormandy discovered that libpng did not correctly calculate the size of sPLT structures when reading an image. By tricking a user or an automated system into processing a specially crafted PNG file, an attacker could exploit this weakness to crash the application using the library...

2.6CVSS7.7AI score0.01729EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/11/17 12:0 a.m.51 views

libpng: Denial of service

Background libpng is a free ANSI C library used to process and manipulate PNG images. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that a vulnerability exists in the sPLT chunk handling code of libpng, a large sPLT chunk may cause an application to attempt to read...

2.6CVSS6.4AI score0.01729EPSS
Exploits1
securityvulns
securityvulns
added 2006/11/16 12:0 a.m.30 views

[SA22900] libpng sPLT Chunk Handling Denial of Service

TITLE: libpng sPLT Chunk Handling Denial of Service SECUNIA ADVISORY ID: SA22900 VERIFY ADVISORY: http://secunia.com/advisories/22900/ CRITICAL: Less critical IMPACT: DoS WHERE: From remote SOFTWARE: libpng 1.x http://secunia.com/product/3439/ DESCRIPTION: Tavis Ormandy has reported a vulnerabili...

0.4AI score
Exploits0
Rows per page
Query Builder