Libpng Security Vulnerabilities and Issues — Libpng CVE List

Lucene search

Greg RoelofsLibpng

10 matches found

CVE•added 2004/11/23 5:0 a.m.•107 views

CVE-2004-0597

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBI...

10CVSS7.5AI score0.84316EPSS

CVE•added 2004/09/01 4:0 a.m.•75 views

CVE-2002-1363

Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.

7.5CVSS7.7AI score0.06787EPSS

CVE•added 2002/08/12 4:0 a.m.•66 views

CVE-2002-0660

Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.

7.5CVSS7.4AI score0.00957EPSS

CVE•added 2004/11/23 5:0 a.m.•65 views

CVE-2004-0599

Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.

5CVSS6.1AI score0.31363EPSS

CVE•added 2006/06/30 11:5 p.m.•58 views

CVE-2006-3334

Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name".

7.5CVSS9.6AI score0.01752EPSS

CVE•added 2006/11/17 11:7 p.m.•57 views

CVE-2006-5793

The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read.

2.6CVSS9AI score0.02329EPSS

CVE•added 2004/11/23 5:0 a.m.•54 views

CVE-2004-0598

The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.

5CVSS6.1AI score0.31346EPSS

CVE•added 2002/08/12 4:0 a.m.•52 views

CVE-2002-0728

Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.

5CVSS6.5AI score0.00542EPSS

CVE•added 2006/01/31 6:3 p.m.•44 views

CVE-2006-0481

Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image.

5CVSS6.6AI score0.02064EPSS

CVE•added 2012/01/17 7:55 p.m.•39 views

CVE-2011-3328

The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value.

2.6CVSS6.5AI score0.07767EPSS