Libpng@1.0.9 Security Vulnerabilities and Issues — Libpng@1.0.9 CVE List

Lucene search

LibpngLibpng1.0.9

9 matches found

CVE•added 2016/04/14 2:59 p.m.•165 views

CVE-2015-8540

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG im...

9.3CVSS9.1AI score0.17054EPSS

CVE•added 2015/11/24 8:59 p.m.•156 views

CVE-2015-7981

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

5CVSS7.9AI score0.00786EPSS

CVE•added 2017/01/30 10:59 p.m.•104 views

CVE-2016-10087

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and...

7.5CVSS6.5AI score0.01851EPSS

CVE•added 2012/08/13 8:55 p.m.•95 views

CVE-2012-3425

The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.

4.3CVSS8.1AI score0.01644EPSS

CVE•added 2004/08/18 4:0 a.m.•77 views

CVE-2004-0421

The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

5CVSS7.1AI score0.02457EPSS

CVE•added 2008/04/14 4:5 p.m.•75 views

CVE-2008-1382

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.

7.5CVSS7.7AI score0.06916EPSS

CVE•added 2012/05/29 8:55 p.m.•75 views

CVE-2011-3048

The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory alloc...

6.8CVSS8.8AI score0.06152EPSS

CVE•added 2009/06/12 8:30 p.m.•67 views

CVE-2009-2042

libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the...

4.3CVSS9.1AI score0.01613EPSS

CVE•added 2011/08/31 11:55 p.m.•49 views

CVE-2006-7244

Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length.

5CVSS6.5AI score0.0042EPSS