SUSE CVE-2018-10540

An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytestocopy...

Denial Of Service (DoS)

libpng is vulnerable to denial of service. A flaw was discovered in the way libpng handled PNG images containing "unknown" chunks. If an application linked against libpng attempted to process a malformed, unknown chunk in a malicious PNG image, it could cause the application to crash...

ALPINE-CVE-2018-10539

An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytestocop...

UBUNTU-CVE-2018-10540

An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytestocopy...

PT-2018-9952 · Wavpack +3 · Wavpack +3

Name of the Vulnerable Software and Affected Versions: WavPack versions 5.1.0 and earlier Description: An issue was discovered related to out-of-bounds writes due to insufficient validation of unknown chunk sizes in WAV input. This occurs because of a lack of integer-overflow protection within a...

libpng security update

CentOS Errata and Security Advisory CESA-2009:0333-01 Updated libpng and libpng10 packages that fix a couple of security issues are now available for Red Hat Enterprise Linux 2.1, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The...

libpng unknown chunk handling flaw

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory...

Fedora 7 : libpng10-1.0.37-1.fc7 (2008-3979)

This update fixes the way that libpng10 handles unknown zero-length chunks, which in previous versions could result in writing to attacker controlled addresses, depending on how the libpng api is used. To be affected, an application would have to call pngsetkeepunknownchunks, which tells libpng n...

Design/Logic Flaw

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory...

CVE-2008-1382

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory...