
38 matches found

EUVD
added 6 days ago, 4 views

EUVD-2026-30842

ExifReader is vulnerable to denial of service via unbounded decompression of image metadata...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00055
Exploits: 0, References: 5

CVE
added 2026/05/19 5:0 a.m., 9 views

CVE-2026-8814

CVE-2026-8814 affects the ExifReader library prior to version 4.39.0. The issue is an improper handling of highly compressed data (Data Amplification) that occurs when decompressing PNG zTXt metadata without a built-in maximum decompressed output size, which can cause a crafted PNG to materialize...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00055
Exploits: 0, References: 3

Tenable Nessus
added 2026/01/22 12:0 a.m., 2 views

Azure Linux 3.0 Security Update: fltk (CVE-2016-10087)

The version of fltk installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2016-10087 advisory. - The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before...

CVSS: 7.5, AI score: 5.7, EPSS: 0.00926
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/14 12:0 a.m., 3 views

MiracleLinux 3 : libpng-1.2.10-17.0.1.AXS3 (AXSA:2012-642:03)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-642:03 advisory. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphic...

CVSS: 6.8, AI score: 8.3, EPSS: 0.16887
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2016-1279

Malware in sbrugna...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00926
Exploits: 0, References: 16

GithubExploit
added 2025/08/15 7:44 p.m., 227 views

0day-buffer-overflow-in-exiv2

PoC and patch for heap-buffer-overflow in PngChunk::readRawProf...

AI score: 8.3
Exploits: 0

Tenable Nessus
added 2024/06/03 12:0 a.m., 21 views

RHEL 7 : libpng (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libpng: underflow read in png_check_keyword (CVE-2015-8540) - The png_set_text_2 function in libpng 0.71 before...

CVSS: 8.8, AI score: 7.5, EPSS: 0.13549
Exploits: 0, References: 2

Tenable Nessus
added 2024/06/03 12:0 a.m., 14 views

RHEL 6 : libpng (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libpng: underflow read in png_check_keyword (CVE-2015-8540) - The png_set_text_2 function in libpng 0.71 before...

CVSS: 8.8, AI score: 8.7, EPSS: 0.13549
Exploits: 0, References: 2

SUSE CVE
added 2023/02/15 5:51 a.m., 1 views

SUSE CVE-2011-3048

The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocati...

CVSS: 6.8, AI score: 8, EPSS: 0.16887
Exploits: 0, References: 5

SUSE CVE
added 2023/02/15 5:24 a.m., 1 views

SUSE CVE-2014-9601

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed...

CVSS: 5, AI score: 8.9, EPSS: 0.01034
Exploits: 0, References: 4

SUSE CVE
added 2023/02/15 4:54 a.m., 1 views

SUSE CVE-2016-10087

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and...

CVSS: 7.5, AI score: 8.6, EPSS: 0.00926
Exploits: 0, References: 9

SUSE CVE
added 2023/02/15 4:36 a.m., 1 views

SUSE CVE-2017-17669

There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack...

CVSS: 4, AI score: 8, EPSS: 0.00205
Exploits: 1, References: 5

SUSE CVE
added 2023/02/15 4:27 a.m., 1 views

SUSE CVE-2018-10999

An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read...

CVSS: 6.5, AI score: 7.7, EPSS: 0.00438
Exploits: 1, References: 4

SUSE CVE
added 2023/02/15 4:24 a.m., 2 views

SUSE CVE-2018-16336

Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999...

CVSS: 6.5, AI score: 7.4, EPSS: 0.00302
Exploits: 0, References: 3

CNVD
added 2018/09/03 12:0 a.m., 1 views

Exiv2 Denial of Service Vulnerability (CNVD-2018-18043)

Exiv2 is a set of C++ libraries and command line applications for managing image metadata by software developer Andreas Huggel, which provides for reading and writing image metadata in a variety of formats including EXIF, IPTC and XMP. A security vulnerability exists in the...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00302
Exploits: 0, References: 1

OSV
added 2018/09/02 3:29 a.m., 1 views

DEBIAN-CVE-2018-16336

Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999...

CVSS: 6.5, AI score: 7.5, EPSS: 0.00302
Exploits: 0, References: 1

PyPA
added 2018/05/12 4:29 a.m., 4 views

PYSEC-2018-128

An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read...

CVSS: 6.5, AI score: 7.3, EPSS: 0.00438
Exploits: 1, References: 9, Affected Software: 1

Veracode
added 2017/02/01 5:20 a.m., 22 views

Denial Of Service (DoS) Through A Null Pointer Dereference

libpng is vulnerable to denial of service (DoS) attacks via null pointer dereference. The vulnerability has existed in libpng since version 0.71. To be vulnerable, an application has to load a text chunk into the png structure, then delete all text, then add another text chunk to the same png...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00926
Exploits: 0, References: 9, Affected Software: 1

OSV
added 2017/01/30 10:59 p.m., 0 views

AZL-44325 CVE-2016-10087 affecting package fltk for versions less than 1.3.8-1

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00926
Exploits: 0, References: 1

OSV
added 2017/01/30 10:59 p.m., 1 views

AZL-44883 CVE-2016-10087 affecting package openjpeg2 2.3.1-12

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00926
Exploits: 0, References: 1