MidnightBSD

Advisories for greg_roelofs

CVE-2002-0660 HIGH

Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
greg_roelofs libpng 1.0.12
greg_roelofs libpng3 1.2.1

CVE-2002-0728 MEDIUM

Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
greg_roelofs libpng 1.2.4
greg_roelofs libpng 1.0.14

CVE-2002-1363 HIGH

Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
greg_roelofs libpng 1.2.4
greg_roelofs libpng 1.0.11
greg_roelofs libpng 1.0.5
greg_roelofs libpng 1.0.13
greg_roelofs libpng 1.0.12
greg_roelofs libpng 1.0.14
greg_roelofs libpng 1.2.0
greg_roelofs libpng 1.2.2
greg_roelofs libpng 1.0.7
greg_roelofs libpng 1.0.6
greg_roelofs libpng 1.2.1
greg_roelofs libpng 1.0.8
greg_roelofs libpng 1.2.3
greg_roelofs libpng 1.0.9

CVE-2004-0597 HIGH

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
microsoft windows_media_player 9
microsoft msn_messenger 6.1
microsoft windows_98se *
greg_roelofs libpng *
microsoft windows_messenger 5.0
microsoft msn_messenger 6.2
microsoft windows_me *

CVE-2004-0598 MEDIUM

The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
greg_roelofs libpng *

CVE-2004-0599 MEDIUM

Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
greg_roelofs libpng *

CVE-2004-0768 HIGH

libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
greg_roelofs libpng3 1.2.0
greg_roelofs libpng3 1.2.2
greg_roelofs libpng3 1.2.4
greg_roelofs libpng3 1.2.3
greg_roelofs libpng3 1.2.5
greg_roelofs libpng3 1.2.1

CVE-2005-3662 MEDIUM

Off-by-one buffer overflow in pnmtopng before 2.39, when using the -alpha command line option (Alphas_Of_Color), allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
greg_roelofs pnmtopng 2.38
greg_roelofs pnmtopng 2.37.4
greg_roelofs pnmtopng 2.37.3
greg_roelofs pnmtopng 2.37.6
greg_roelofs pnmtopng 2.37.5

CVE-2006-0481 MEDIUM

Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
greg_roelofs libpng 1.2.7

CVE-2006-3334 HIGH

Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name".

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
greg_roelofs libpng 1.2.4
greg_roelofs libpng 1.2.7rc1
greg_roelofs libpng 1.2.6
greg_roelofs libpng 1.2.0
greg_roelofs libpng 1.2.9
greg_roelofs libpng 1.2.2
greg_roelofs libpng 1.2.7
greg_roelofs libpng 1.2.1
greg_roelofs libpng *
greg_roelofs libpng 1.2.8
greg_roelofs libpng 1.2.5
greg_roelofs libpng 1.2.10
greg_roelofs libpng 1.2.3

CVE-2011-3328 LOW

The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
greg_roelofs libpng 1.5.4