Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| greg_roelofs | libpng | 1.0.12 |
| greg_roelofs | libpng3 | 1.2.1 |
Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| greg_roelofs | libpng | 1.2.4 |
| greg_roelofs | libpng | 1.0.14 |
Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| greg_roelofs | libpng | 1.2.4 |
| greg_roelofs | libpng | 1.0.11 |
| greg_roelofs | libpng | 1.0.5 |
| greg_roelofs | libpng | 1.0.13 |
| greg_roelofs | libpng | 1.0.12 |
| greg_roelofs | libpng | 1.0.14 |
| greg_roelofs | libpng | 1.2.0 |
| greg_roelofs | libpng | 1.2.2 |
| greg_roelofs | libpng | 1.0.7 |
| greg_roelofs | libpng | 1.0.6 |
| greg_roelofs | libpng | 1.2.1 |
| greg_roelofs | libpng | 1.0.8 |
| greg_roelofs | libpng | 1.2.3 |
| greg_roelofs | libpng | 1.0.9 |
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| microsoft | windows_media_player | 9 |
| microsoft | msn_messenger | 6.1 |
| microsoft | windows_98se | * |
| greg_roelofs | libpng | * |
| microsoft | windows_messenger | 5.0 |
| microsoft | msn_messenger | 6.2 |
| microsoft | windows_me | * |
The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| greg_roelofs | libpng | * |
Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| greg_roelofs | libpng | * |
libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| greg_roelofs | libpng3 | 1.2.0 |
| greg_roelofs | libpng3 | 1.2.2 |
| greg_roelofs | libpng3 | 1.2.4 |
| greg_roelofs | libpng3 | 1.2.3 |
| greg_roelofs | libpng3 | 1.2.5 |
| greg_roelofs | libpng3 | 1.2.1 |
Off-by-one buffer overflow in pnmtopng before 2.39, when using the -alpha command line option (Alphas_Of_Color), allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| greg_roelofs | pnmtopng | 2.38 |
| greg_roelofs | pnmtopng | 2.37.4 |
| greg_roelofs | pnmtopng | 2.37.3 |
| greg_roelofs | pnmtopng | 2.37.6 |
| greg_roelofs | pnmtopng | 2.37.5 |
Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| greg_roelofs | libpng | 1.2.7 |
Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name".
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| greg_roelofs | libpng | 1.2.4 |
| greg_roelofs | libpng | 1.2.7rc1 |
| greg_roelofs | libpng | 1.2.6 |
| greg_roelofs | libpng | 1.2.0 |
| greg_roelofs | libpng | 1.2.9 |
| greg_roelofs | libpng | 1.2.2 |
| greg_roelofs | libpng | 1.2.7 |
| greg_roelofs | libpng | 1.2.1 |
| greg_roelofs | libpng | * |
| greg_roelofs | libpng | 1.2.8 |
| greg_roelofs | libpng | 1.2.5 |
| greg_roelofs | libpng | 1.2.10 |
| greg_roelofs | libpng | 1.2.3 |
The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| greg_roelofs | libpng | 1.5.4 |