Libpng@1.2.11 Security Vulnerabilities and Issues — Libpng@1.2.11 CVE List

Lucene search

LibpngLibpng1.2.11

9 matches found

CVE•added 2016/01/21 3:59 p.m.•171 views

CVE-2015-8472

Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a smal...

7.5CVSS7.4AI score0.04755EPSS

CVE•added 2016/04/14 2:59 p.m.•165 views

CVE-2015-8540

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG im...

9.3CVSS9.1AI score0.17054EPSS

CVE•added 2015/11/24 8:59 p.m.•156 views

CVE-2015-7981

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

5CVSS7.9AI score0.00786EPSS

CVE•added 2012/08/13 8:55 p.m.•95 views

CVE-2012-3425

The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.

4.3CVSS8.1AI score0.01644EPSS

CVE•added 2008/04/14 4:5 p.m.•75 views

CVE-2008-1382

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.

7.5CVSS7.7AI score0.06916EPSS

CVE•added 2012/05/29 8:55 p.m.•75 views

CVE-2011-3048

The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory alloc...

6.8CVSS8.8AI score0.06152EPSS

CVE•added 2009/06/12 8:30 p.m.•67 views

CVE-2009-2042

libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the...

4.3CVSS9.1AI score0.01613EPSS

CVE•added 2009/02/20 5:30 p.m.•64 views

CVE-2008-6218

Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.

7.1CVSS7.9AI score0.0319EPSS

CVE•added 2011/08/31 11:55 p.m.•49 views

CVE-2006-7244

Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length.

5CVSS6.5AI score0.0042EPSS