The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | 1.0.14 |
| trustix | secure_linux | 2.1 |
| openpkg | openpkg | 1.3 |
| trustix | secure_linux | 2.0 |
| libpng | libpng | 1.0.11 |
| libpng | libpng | 1.2.0 |
| libpng | libpng | 1.2.2 |
| libpng | libpng | 1.0.13 |
| libpng | libpng | 1.2.5 |
| redhat | enterprise_linux | 2.1 |
| libpng | libpng | 1.0.6 |
| libpng | libpng | 1.0.10 |
| libpng | libpng | 1.0.7 |
| libpng | libpng | 1.0.0 |
| libpng | libpng | 1.0.12 |
| libpng | libpng | 1.0.5 |
| openpkg | openpkg | 2.0 |
| libpng | libpng | 1.0.9 |
| libpng | libpng | 1.0.8 |
| redhat | enterprise_linux_desktop | 3.0 |
| redhat | libpng | 1.2.2-20 |
| libpng | libpng | 1.2.1 |
| libpng | libpng | 1.2.4 |
| redhat | enterprise_linux | 3.0 |
| libpng | libpng | 1.2.3 |
| redhat | libpng | 1.2.2-16 |
Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | 1.0.11 |
| libpng | libpng | 1.0.30 |
| libpng | libpng | 1.0.26 |
| libpng | libpng | 1.0.13 |
| libpng | libpng | 1.0.40 |
| libpng | libpng | 1.2.10 |
| libpng | libpng | 1.0.19 |
| libpng | libpng | 1.0.0 |
| libpng | libpng | 1.0.3 |
| libpng | libpng | 1.0.41 |
| libpng | libpng | 1.0.45 |
| libpng | libpng | 1.0.22 |
| libpng | libpng | 1.0.5 |
| libpng | libpng | 1.0.15 |
| libpng | libpng | 1.0.27 |
| libpng | libpng | 1.0.20 |
| libpng | libpng | 1.0.32 |
| libpng | libpng | 1.0.51 |
| libpng | libpng | 1.0.8 |
| libpng | libpng | 1.0.39 |
| libpng | libpng | 1.0.25 |
| libpng | libpng | 1.0.46 |
| libpng | libpng | 1.0.2 |
| libpng | libpng | 1.0.28 |
| libpng | libpng | 1.0.37 |
| libpng | libpng | 1.0.47 |
| libpng | libpng | 1.0.43 |
| libpng | libpng | 1.2.14 |
| libpng | libpng | 1.0.14 |
| libpng | libpng | 1.0.24 |
| libpng | libpng | 1.0.44 |
| libpng | libpng | * |
| libpng | libpng | 1.0.18 |
| libpng | libpng | 1.2.0 |
| libpng | libpng | 1.0.17 |
| libpng | libpng | 1.0.16 |
| libpng | libpng | 1.0.48 |
| libpng | libpng | 1.0.23 |
| libpng | libpng | 1.2.15 |
| libpng | libpng | 1.0.6 |
| libpng | libpng | 1.0.29 |
| libpng | libpng | 1.0.10 |
| libpng | libpng | 1.0.38 |
| libpng | libpng | 1.0.42 |
| libpng | libpng | 1.0.7 |
| libpng | libpng | 1.0.12 |
| libpng | libpng | 1.2.11 |
| libpng | libpng | 1.0.9 |
| libpng | libpng | 1.0.1 |
| libpng | libpng | 1.0.31 |
| libpng | libpng | 1.0.50 |
| libpng | libpng | 1.2.1 |
| libpng | libpng | 1.2.13 |
| libpng | libpng | 1.0.52 |
| libpng | libpng | 1.0.54 |
| libpng | libpng | 1.0.21 |
| libpng | libpng | 1.0.53 |
| libpng | libpng | 1.0.34 |
| libpng | libpng | 1.0.35 |
| libpng | libpng | 1.0.33 |
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-824,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 11.1 |
| fedoraproject | fedora | 10 |
| suse | linux_enterprise | 10.0 |
| debian | debian_linux | 4.0 |
| opensuse | opensuse | 11.0 |
| suse | linux_enterprise_desktop | 10 |
| libpng | libpng | * |
| opensuse | opensuse | 10.3 |
| debian | debian_linux | 5.0 |
| apple | iphone_os | * |
| fedoraproject | fedora | 9 |
| suse | linux_enterprise_server | 10 |
| apple | mac_os_x | * |
| suse | linux_enterprise | 9.0 |
Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | * |
| libpng | libpng | 1.2.39 |
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 11.1 |
| suse | linux_enterprise_server | 9 |
| opensuse | opensuse | 11.0 |
| suse | linux_enterprise_server | 11 |
| fedoraproject | fedora | 11 |
| canonical | ubuntu_linux | 9.10 |
| libpng | libpng | * |
| opensuse | opensuse | 11.2 |
| fedoraproject | fedora | 13 |
| canonical | ubuntu_linux | 8.10 |
| canonical | ubuntu_linux | 9.04 |
| canonical | ubuntu_linux | 6.06 |
| debian | debian_linux | 6.0 |
| debian | debian_linux | 5.0 |
| canonical | ubuntu_linux | 8.04 |
| fedoraproject | fedora | 12 |
| suse | linux_enterprise_server | 10 |
| apple | mac_os_x | * |
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mozilla | seamonkey | * |
| suse | linux_enterprise_server | 11 |
| canonical | ubuntu_linux | 9.10 |
| libpng | libpng | * |
| opensuse | opensuse | 11.2 |
| canonical | ubuntu_linux | 9.04 |
| mozilla | firefox | * |
| canonical | ubuntu_linux | 6.06 |
| apple | mac_os_x_server | * |
| apple | iphone_os | * |
| fedoraproject | fedora | 12 |
| apple | mac_os_x | * |
| canonical | ubuntu_linux | 10.04 |
| mozilla | thunderbird | * |
| opensuse | opensuse | 11.1 |
| suse | linux_enterprise_server | 9 |
| chrome | * | |
| apple | safari | * |
| vmware | player | * |
| fedoraproject | fedora | 13 |
| debian | debian_linux | 5.0 |
| canonical | ubuntu_linux | 8.04 |
| suse | linux_enterprise_server | 10 |
| vmware | workstation | * |
| apple | itunes | * |
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 11.1 |
| suse | linux_enterprise_server | 9 |
| suse | linux_enterprise_server | 11 |
| apple | safari | * |
| canonical | ubuntu_linux | 9.10 |
| libpng | libpng | * |
| opensuse | opensuse | 11.2 |
| vmware | player | * |
| fedoraproject | fedora | 13 |
| apple | tvos | * |
| canonical | ubuntu_linux | 9.04 |
| canonical | ubuntu_linux | 6.06 |
| debian | debian_linux | 5.0 |
| apple | iphone_os | * |
| canonical | ubuntu_linux | 8.04 |
| fedoraproject | fedora | 12 |
| suse | linux_enterprise_server | 10 |
| vmware | workstation | * |
| canonical | ubuntu_linux | 10.04 |
| apple | itunes | * |
pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | 1.5.0 |
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 11.04 |
| fedoraproject | fedora | 14 |
| debian | debian_linux | 6.0 |
| debian | debian_linux | 5.0 |
| canonical | ubuntu_linux | 8.04 |
| libpng | libpng | * |
| canonical | ubuntu_linux | 10.10 |
| canonical | ubuntu_linux | 10.04 |
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 11.04 |
| fedoraproject | fedora | 14 |
| debian | debian_linux | 6.0 |
| debian | debian_linux | 5.0 |
| canonical | ubuntu_linux | 8.04 |
| libpng | libpng | * |
| canonical | ubuntu_linux | 10.10 |
| canonical | ubuntu_linux | 10.04 |
The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 14 |
| debian | debian_linux | 6.0 |
| debian | debian_linux | 5.0 |
| libpng | libpng | * |
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 11.04 |
| fedoraproject | fedora | 14 |
| debian | debian_linux | 6.0 |
| debian | debian_linux | 5.0 |
| canonical | ubuntu_linux | 8.04 |
| libpng | libpng | * |
| canonical | ubuntu_linux | 10.10 |
| canonical | ubuntu_linux | 10.04 |
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-195,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| chrome | * | |
| opensuse | opensuse | 12.1 |
| redhat | enterprise_linux | 6.0 |
| libpng | libpng | * |
| fedoraproject | fedora | 17 |
| redhat | gluster_storage | 2.0 |
| redhat | enterprise_linux | 5.0 |
| redhat | enterprise_linux_workstation | 5.0 |
| fedoraproject | fedora | 15 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | storage | 2.0 |
| debian | debian_linux | 6.0 |
| redhat | enterprise_linux_server_eus | 6.2 |
| redhat | storage_for_public_cloud | 2.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| fedoraproject | fedora | 16 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_server_aus | 6.2 |
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | 1.2.47 |
| libpng | libpng | 1.0.11 |
| libpng | libpng | 1.2.16 |
| libpng | libpng | 1.2.48 |
| libpng | libpng | 1.2.12 |
| libpng | libpng | 1.0.13 |
| libpng | libpng | 1.2.5 |
| libpng | libpng | 1.0.40 |
| libpng | libpng | 1.2.36 |
| libpng | libpng | 1.2.33 |
| libpng | libpng | 1.5.9 |
| libpng | libpng | 1.0.0 |
| libpng | libpng | 1.0.3 |
| libpng | libpng | 1.0.41 |
| libpng | libpng | 1.0.15 |
| libpng | libpng | 1.2.18 |
| libpng | libpng | 1.2.41 |
| libpng | libpng | 1.0.27 |
| libpng | libpng | 1.0.32 |
| libpng | libpng | 1.0.51 |
| libpng | libpng | 1.2.24 |
| libpng | libpng | 1.5.5 |
| libpng | libpng | 1.0.46 |
| libpng | libpng | 1.5.1 |
| libpng | libpng | 1.0.2 |
| libpng | libpng | 1.0.28 |
| libpng | libpng | 1.4.3 |
| libpng | libpng | 1.4.6 |
| libpng | libpng | 1.2.9 |
| libpng | libpng | 1.4.1 |
| libpng | libpng | 1.0.24 |
| libpng | libpng | 1.0.44 |
| libpng | libpng | 1.2.32 |
| libpng | libpng | 1.4.4 |
| libpng | libpng | 1.2.23 |
| libpng | libpng | 1.5.8 |
| libpng | libpng | 1.0.48 |
| libpng | libpng | 1.2.42 |
| libpng | libpng | 1.4.10 |
| libpng | libpng | 1.2.15 |
| libpng | libpng | 1.2.29 |
| libpng | libpng | 1.0.38 |
| libpng | libpng | 1.4.7 |
| libpng | libpng | 1.0.7 |
| libpng | libpng | 1.0.12 |
| libpng | libpng | 1.0.55 |
| libpng | libpng | 1.0.31 |
| libpng | libpng | 1.0.50 |
| libpng | libpng | 1.2.39 |
| libpng | libpng | 1.4.0 |
| libpng | libpng | 1.2.4 |
| libpng | libpng | 1.2.27 |
| libpng | libpng | 1.4.8 |
| libpng | libpng | 1.2.31 |
| libpng | libpng | 1.2.13 |
| libpng | libpng | 1.0.52 |
| libpng | libpng | 1.0.54 |
| libpng | libpng | 1.2.7 |
| libpng | libpng | 1.0.21 |
| libpng | libpng | 1.0.53 |
| libpng | libpng | 1.5.0 |
| libpng | libpng | 1.0.34 |
| libpng | libpng | 1.2.21 |
| libpng | libpng | 1.0.35 |
| libpng | libpng | 1.2.3 |
| libpng | libpng | 1.5.6 |
| libpng | libpng | 1.0.33 |
| libpng | libpng | 1.2.43 |
| libpng | libpng | 1.5.2 |
| libpng | libpng | 1.0.30 |
| libpng | libpng | 1.5.4 |
| libpng | libpng | 1.0.26 |
| libpng | libpng | 1.0.56 |
| libpng | libpng | 1.2.2 |
| libpng | libpng | 1.5.7 |
| libpng | libpng | 1.2.10 |
| libpng | libpng | 1.2.28 |
| libpng | libpng | 1.0.19 |
| libpng | libpng | 1.2.37 |
| libpng | libpng | 1.2.35 |
| libpng | libpng | 1.0.45 |
| libpng | libpng | 1.0.22 |
| libpng | libpng | 1.0.5 |
| libpng | libpng | 1.2.45 |
| libpng | libpng | 1.0.20 |
| libpng | libpng | 1.2.46 |
| libpng | libpng | 1.2.20 |
| libpng | libpng | 1.2.30 |
| libpng | libpng | 1.0.8 |
| libpng | libpng | 1.0.39 |
| libpng | libpng | 1.0.25 |
| libpng | libpng | 1.2.8 |
| libpng | libpng | 1.0.37 |
| libpng | libpng | 1.2.44 |
| libpng | libpng | 1.0.47 |
| libpng | libpng | 1.2.6 |
| libpng | libpng | 1.2.22 |
| libpng | libpng | 1.0.43 |
| libpng | libpng | 1.4.5 |
| libpng | libpng | 1.2.14 |
| libpng | libpng | 1.2.25 |
| libpng | libpng | 1.0.14 |
| libpng | libpng | 1.0.58 |
| libpng | libpng | 1.5.3 |
| libpng | libpng | 1.0.18 |
| libpng | libpng | 1.2.0 |
| libpng | libpng | 1.0.17 |
| libpng | libpng | 1.2.26 |
| libpng | libpng | 1.0.16 |
| libpng | libpng | 1.2.17 |
| libpng | libpng | 1.0.23 |
| libpng | libpng | 1.0.6 |
| libpng | libpng | 1.0.29 |
| libpng | libpng | 1.0.10 |
| libpng | libpng | 1.0.42 |
| libpng | libpng | 1.2.19 |
| libpng | libpng | 1.2.11 |
| libpng | libpng | 1.0.9 |
| libpng | libpng | 1.0.1 |
| libpng | libpng | 1.4.9 |
| libpng | libpng | 1.2.1 |
| libpng | libpng | 1.2.38 |
| libpng | libpng | 1.2.40 |
| libpng | libpng | 1.5.10 |
| libpng | libpng | 1.2.34 |
| libpng | libpng | 1.0.57 |
| libpng | libpng | 1.4.2 |
The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | 1.2.47 |
| canonical | ubuntu_linux | 15.10 |
| libpng | libpng | 1.0.11 |
| libpng | libpng | 1.2.16 |
| libpng | libpng | 1.2.48 |
| libpng | libpng | 1.2.12 |
| libpng | libpng | 1.0.13 |
| libpng | libpng | 1.2.5 |
| canonical | ubuntu_linux | 15.04 |
| libpng | libpng | 1.0.40 |
| libpng | libpng | 1.2.36 |
| debian | debian_linux | 6.0 |
| libpng | libpng | 1.2.33 |
| libpng | libpng | 1.5.9 |
| libpng | libpng | 1.0.0 |
| libpng | libpng | 1.0.3 |
| libpng | libpng | 1.0.41 |
| libpng | libpng | 1.0.15 |
| libpng | libpng | 1.2.18 |
| libpng | libpng | 1.2.41 |
| libpng | libpng | 1.0.27 |
| libpng | libpng | 1.0.32 |
| libpng | libpng | 1.0.51 |
| libpng | libpng | 1.2.24 |
| libpng | libpng | 1.5.5 |
| libpng | libpng | 1.0.46 |
| libpng | libpng | 1.5.1 |
| libpng | libpng | 1.0.2 |
| libpng | libpng | 1.0.28 |
| libpng | libpng | 1.4.3 |
| libpng | libpng | 1.4.6 |
| libpng | libpng | 1.2.9 |
| libpng | libpng | 1.4.1 |
| redhat | libpng | 1.2.2-16 |
| libpng | libpng | 1.0.24 |
| libpng | libpng | 1.0.44 |
| libpng | libpng | 1.2.32 |
| libpng | libpng | 1.4.4 |
| libpng | libpng | 1.2.23 |
| libpng | libpng | 1.5.8 |
| libpng | libpng | 1.0.48 |
| libpng | libpng | 1.2.42 |
| libpng | libpng | 1.2.15 |
| canonical | ubuntu_linux | 14.04 |
| libpng | libpng | 1.2.29 |
| libpng | libpng | 1.0.38 |
| libpng | libpng | 1.4.7 |
| libpng | libpng | 1.0.7 |
| libpng | libpng | 1.0.12 |
| libpng | libpng | 1.0.55 |
| libpng | libpng | 1.0.31 |
| libpng | libpng | 1.0.50 |
| libpng | libpng | 1.2.39 |
| libpng | libpng | 1.4.0 |
| libpng | libpng | 1.2.4 |
| libpng | libpng | 1.2.27 |
| libpng | libpng | 1.4.8 |
| libpng | libpng | 1.2.31 |
| libpng | libpng | 1.2.13 |
| libpng | libpng | 1.0.52 |
| libpng | libpng | 1.0.54 |
| libpng | libpng | 1.2.7 |
| libpng | libpng | 1.0.21 |
| libpng | libpng | 1.0.53 |
| libpng | libpng | 1.5.0 |
| libpng | libpng | 1.0.34 |
| libpng | libpng | 1.2.21 |
| libpng | libpng | 1.0.35 |
| libpng | libpng | 1.2.3 |
| libpng | libpng | 1.5.6 |
| libpng | libpng | 1.0.33 |
| libpng | libpng | 1.2.43 |
| libpng | libpng | 1.5.2 |
| opensuse | opensuse | 11.4 |
| libpng | libpng | 1.0.30 |
| libpng | libpng | 1.5.4 |
| libpng | libpng | 1.0.26 |
| libpng | libpng | 1.0.56 |
| libpng | libpng | 1.2.2 |
| libpng | libpng | 1.5.7 |
| libpng | libpng | 1.2.10 |
| libpng | libpng | 1.2.28 |
| libpng | libpng | 1.0.19 |
| libpng | libpng | 1.2.37 |
| libpng | libpng | 1.2.35 |
| libpng | libpng | 1.0.45 |
| libpng | libpng | 1.0.22 |
| libpng | libpng | 1.0.5 |
| libpng | libpng | 1.2.45 |
| opensuse | opensuse | 12.1 |
| libpng | libpng | 1.0.20 |
| libpng | libpng | 1.2.46 |
| libpng | libpng | 1.2.20 |
| libpng | libpng | 1.2.30 |
| libpng | libpng | 1.0.8 |
| libpng | libpng | 1.0.39 |
| canonical | ubuntu_linux | 12.04 |
| redhat | libpng | 1.2.2-20 |
| libpng | libpng | 1.0.25 |
| libpng | libpng | 1.2.8 |
| libpng | libpng | 1.0.37 |
| libpng | libpng | 1.2.44 |
| libpng | libpng | 1.0.47 |
| libpng | libpng | 1.2.6 |
| libpng | libpng | 1.2.22 |
| libpng | libpng | 1.0.43 |
| libpng | libpng | 1.4.5 |
| libpng | libpng | 1.2.14 |
| libpng | libpng | 1.2.25 |
| libpng | libpng | 1.0.14 |
| libpng | libpng | 1.5.3 |
| libpng | libpng | 1.0.18 |
| libpng | libpng | 1.2.0 |
| libpng | libpng | 1.0.17 |
| libpng | libpng | 1.2.26 |
| libpng | libpng | 1.0.16 |
| libpng | libpng | 1.2.17 |
| libpng | libpng | 1.0.23 |
| libpng | libpng | 1.0.6 |
| libpng | libpng | 1.0.29 |
| libpng | libpng | 1.0.10 |
| libpng | libpng | 1.0.42 |
| libpng | libpng | 1.2.19 |
| libpng | libpng | 1.2.11 |
| libpng | libpng | 1.0.9 |
| libpng | libpng | 1.0.1 |
| libpng | libpng | 1.4.9 |
| libpng | libpng | 1.2.1 |
| libpng | libpng | 1.2.38 |
| libpng | libpng | 1.2.40 |
| libpng | libpng | 1.5.10 |
| libpng | libpng | 1.2.34 |
| libpng | libpng | 1.0.57 |
| libpng | libpng | 1.4.2 |
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | 1.6.6 |
| libpng | libpng | 1.6.4 |
| libpng | libpng | 1.6.5 |
| libpng | libpng | 1.6.7 |
| libpng | libpng | * |
| libpng | libpng | 1.6.1 |
| libpng | libpng | 1.6.2 |
| libpng | libpng | 1.6.0 |
| libpng | libpng | 1.6.3 |
Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,CWE-122,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | 1.5.2 |
| libpng | libpng | * |
| libpng | libpng | 1.5.3 |
| libpng | libpng | 1.5.11 |
| libpng | libpng | 1.5.4 |
| libpng | libpng | 1.5.5 |
| libpng | libpng | 1.5.1 |
| libpng | libpng | 1.5.7 |
| libpng | libpng | 1.5.8 |
| libpng | libpng | 1.5.13 |
| libpng | libpng | 1.5.12 |
| libpng | libpng | 1.5.0 |
| libpng | libpng | 1.5.9 |
| libpng | libpng | 1.5.10 |
| libpng | libpng | 1.5.6 |
Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,CWE-122,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | 1.5.2 |
| libpng | libpng | * |
| libpng | libpng | 1.5.3 |
| libpng | libpng | 1.5.11 |
| libpng | libpng | 1.5.4 |
| libpng | libpng | 1.5.5 |
| libpng | libpng | 1.5.1 |
| libpng | libpng | 1.5.7 |
| libpng | libpng | 1.5.8 |
| libpng | libpng | 1.5.13 |
| libpng | libpng | 1.5.12 |
| libpng | libpng | 1.5.0 |
| libpng | libpng | 1.5.9 |
| libpng | libpng | 1.5.10 |
| libpng | libpng | 1.5.6 |
The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | 1.6.6 |
| libpng | libpng | 1.6.9 |
| libpng | libpng | 1.6.4 |
| libpng | libpng | 1.6.5 |
| libpng | libpng | 1.6.7 |
| libpng | libpng | 1.6.1 |
| libpng | libpng | 1.6.8 |
| libpng | libpng | 1.6.2 |
| libpng | libpng | 1.6.0 |
| libpng | libpng | 1.6.3 |
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,CWE-122,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | 1.6.6 |
| libpng | libpng | 1.6.13 |
| libpng | libpng | 1.6.7 |
| libpng | libpng | * |
| libpng | libpng | 1.6.1 |
| libpng | libpng | 1.6.2 |
| libpng | libpng | 1.6.0 |
| libpng | libpng | 1.6.9 |
| libpng | libpng | 1.6.4 |
| libpng | libpng | 1.6.5 |
| libpng | libpng | 1.6.10 |
| libpng | libpng | 1.6.8 |
| libpng | libpng | 1.6.12 |
| libpng | libpng | 1.6.11 |
| apple | mac_os_x | * |
| libpng | libpng | 1.6.14 |
| libpng | libpng | 1.6.15 |
| libpng | libpng | 1.6.3 |
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | 1.6.6 |
| libpng | libpng | 1.6.13 |
| oracle | solaris | 11.2 |
| libpng | libpng | 1.6.7 |
| libpng | libpng | * |
| libpng | libpng | 1.6.1 |
| libpng | libpng | 1.6.2 |
| libpng | libpng | 1.6.0 |
| libpng | libpng | 1.6.9 |
| libpng | libpng | 1.6.4 |
| libpng | libpng | 1.6.5 |
| libpng | libpng | 1.6.10 |
| libpng | libpng | 1.6.8 |
| libpng | libpng | 1.6.12 |
| libpng | libpng | 1.6.11 |
| apple | mac_os_x | * |
| libpng | libpng | 1.6.14 |
| libpng | libpng | 1.6.15 |
| libpng | libpng | 1.6.3 |
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | 1.4.13 |
| libpng | libpng | 1.2.47 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 15.10 |
| libpng | libpng | 1.0.11 |
| libpng | libpng | 1.2.16 |
| redhat | enterprise_linux_server_eus | 7.2 |
| libpng | libpng | 1.2.48 |
| libpng | libpng | 1.2.12 |
| libpng | libpng | 1.0.13 |
| libpng | libpng | 1.2.5 |
| canonical | ubuntu_linux | 15.04 |
| redhat | enterprise_linux_server_eus | 6.7.z |
| libpng | libpng | 1.0.40 |
| libpng | libpng | 1.2.36 |
| libpng | libpng | 1.4.12 |
| libpng | libpng | 1.2.33 |
| libpng | libpng | 1.0.0 |
| libpng | libpng | 1.0.3 |
| libpng | libpng | 1.0.41 |
| libpng | libpng | 1.0.15 |
| redhat | enterprise_linux_workstation | 7.0 |
| libpng | libpng | 1.2.18 |
| libpng | libpng | 1.2.41 |
| libpng | libpng | 1.0.27 |
| libpng | libpng | 1.0.32 |
| libpng | libpng | 1.0.51 |
| libpng | libpng | 1.2.24 |
| libpng | libpng | 1.0.46 |
| redhat | enterprise_linux_workstation | 6.0 |
| libpng | libpng | 1.0.2 |
| libpng | libpng | 1.0.28 |
| libpng | libpng | 1.4.15 |
| libpng | libpng | 1.2.51 |
| redhat | enterprise_linux_hpc_node | 6.0 |
| libpng | libpng | 1.4.3 |
| libpng | libpng | 1.4.6 |
| debian | debian_linux | 8.0 |
| libpng | libpng | 1.2.9 |
| libpng | libpng | 1.4.1 |
| redhat | enterprise_linux_hpc_node_eus | 7.2 |
| libpng | libpng | 1.0.63 |
| libpng | libpng | 1.0.24 |
| libpng | libpng | 1.0.44 |
| redhat | enterprise_linux_desktop | 7.0 |
| libpng | libpng | 1.2.32 |
| libpng | libpng | 1.4.4 |
| libpng | libpng | 1.2.23 |
| libpng | libpng | 1.0.48 |
| libpng | libpng | 1.2.42 |
| libpng | libpng | 1.4.10 |
| libpng | libpng | 1.2.15 |
| canonical | ubuntu_linux | 14.04 |
| libpng | libpng | 1.4.14 |
| libpng | libpng | 1.2.29 |
| libpng | libpng | 1.0.38 |
| libpng | libpng | 1.4.7 |
| libpng | libpng | 1.0.7 |
| libpng | libpng | 1.0.12 |
| libpng | libpng | 1.0.55 |
| libpng | libpng | 1.0.31 |
| libpng | libpng | 1.0.50 |
| libpng | libpng | 1.2.39 |
| libpng | libpng | 1.4.0 |
| libpng | libpng | 1.2.4 |
| libpng | libpng | 1.2.27 |
| libpng | libpng | 1.4.8 |
| libpng | libpng | 1.2.31 |
| libpng | libpng | 1.2.13 |
| libpng | libpng | 1.0.52 |
| libpng | libpng | 1.0.54 |
| libpng | libpng | 1.2.7 |
| libpng | libpng | 1.0.21 |
| libpng | libpng | 1.0.53 |
| libpng | libpng | 1.0.34 |
| libpng | libpng | 1.2.21 |
| libpng | libpng | 1.0.35 |
| libpng | libpng | 1.2.3 |
| libpng | libpng | 1.4.11 |
| libpng | libpng | 1.0.33 |
| libpng | libpng | 1.2.43 |
| libpng | libpng | 1.0.62 |
| libpng | libpng | 1.0.30 |
| libpng | libpng | 1.0.26 |
| libpng | libpng | 1.0.56 |
| libpng | libpng | 1.2.2 |
| libpng | libpng | 1.2.10 |
| libpng | libpng | 1.2.28 |
| libpng | libpng | 1.0.19 |
| libpng | libpng | 1.2.37 |
| libpng | libpng | 1.2.35 |
| libpng | libpng | 1.0.45 |
| libpng | libpng | 1.0.22 |
| libpng | libpng | 1.0.61 |
| libpng | libpng | 1.0.59 |
| libpng | libpng | 1.0.5 |
| libpng | libpng | 1.2.53 |
| libpng | libpng | 1.2.45 |
| libpng | libpng | 1.0.20 |
| libpng | libpng | 1.2.46 |
| libpng | libpng | 1.2.20 |
| libpng | libpng | 1.2.30 |
| libpng | libpng | 1.0.8 |
| libpng | libpng | 1.0.39 |
| canonical | ubuntu_linux | 12.04 |
| libpng | libpng | 1.0.25 |
| redhat | enterprise_linux_server | 7.0 |
| libpng | libpng | 1.2.8 |
| redhat | enterprise_linux_desktop | 6.0 |
| libpng | libpng | 1.0.37 |
| libpng | libpng | 1.2.44 |
| libpng | libpng | 1.0.47 |
| libpng | libpng | 1.2.6 |
| libpng | libpng | 1.2.22 |
| libpng | libpng | 1.0.43 |
| libpng | libpng | 1.4.5 |
| libpng | libpng | 1.2.14 |
| libpng | libpng | 1.2.25 |
| libpng | libpng | 1.0.14 |
| libpng | libpng | 1.0.58 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_hpc_node | 7.0 |
| libpng | libpng | 1.0.18 |
| libpng | libpng | 1.2.0 |
| libpng | libpng | 1.0.17 |
| libpng | libpng | 1.2.26 |
| libpng | libpng | 1.0.16 |
| libpng | libpng | 1.2.17 |
| libpng | libpng | 1.0.23 |
| libpng | libpng | 1.0.6 |
| libpng | libpng | 1.0.29 |
| libpng | libpng | 1.2.50 |
| libpng | libpng | 1.0.10 |
| libpng | libpng | 1.0.42 |
| libpng | libpng | 1.2.19 |
| libpng | libpng | 1.2.49 |
| libpng | libpng | 1.2.11 |
| libpng | libpng | 1.0.60 |
| libpng | libpng | 1.0.9 |
| libpng | libpng | 1.0.1 |
| libpng | libpng | 1.2.52 |
| redhat | enterprise_linux_server_aus | 7.2 |
| libpng | libpng | 1.4.9 |
| libpng | libpng | 1.4.16 |
| libpng | libpng | 1.2.1 |
| libpng | libpng | 1.2.38 |
| libpng | libpng | 1.2.40 |
| libpng | libpng | 1.2.34 |
| libpng | libpng | 1.0.57 |
| libpng | libpng | 1.4.2 |
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_eus | 6.7 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 15.10 |
| fedoraproject | fedora | 23 |
| suse | linux_enterprise_desktop | 11 |
| oracle | jre | 1.6.0 |
| canonical | ubuntu_linux | 15.04 |
| oracle | linux | 7 |
| oracle | jdk | 1.6.0 |
| suse | linux_enterprise_desktop | 12 |
| oracle | jre | 1.8.0 |
| apple | mac_os_x | * |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_aus | 7.3 |
| canonical | ubuntu_linux | 12.04 |
| oracle | linux | 6 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server | 7.0 |
| opensuse | opensuse | 13.2 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_eus | 7.5 |
| oracle | solaris | 11.3 |
| redhat | enterprise_linux_eus | 7.7 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| libpng | libpng | * |
| oracle | jdk | 1.7.0 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | satellite | 5.6 |
| redhat | enterprise_linux_server_aus | 7.4 |
| canonical | ubuntu_linux | 14.04 |
| oracle | jdk | 1.8.0 |
| redhat | enterprise_linux_eus | 7.2 |
| redhat | satellite | 5.7 |
| redhat | enterprise_linux_eus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.2 |
| opensuse | opensuse | 13.1 |
| fedoraproject | fedora | 21 |
| opensuse | leap | 42.1 |
| redhat | enterprise_linux_eus | 7.6 |
| redhat | enterprise_linux_server_aus | 7.6 |
| suse | linux_enterprise_server | 12 |
| redhat | enterprise_linux_server_tus | 7.2 |
| oracle | jre | 1.7.0 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_eus | 7.3 |
| fedoraproject | fedora | 22 |
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | 1.4.13 |
| libpng | libpng | 1.2.47 |
| libpng | libpng | 1.5.19 |
| libpng | libpng | 1.2.16 |
| libpng | libpng | 1.2.48 |
| libpng | libpng | 1.2.12 |
| libpng | libpng | 1.2.36 |
| libpng | libpng | 1.4.12 |
| libpng | libpng | 1.5.24 |
| libpng | libpng | 1.2.33 |
| libpng | libpng | 1.5.9 |
| apple | mac_os_x | * |
| libpng | libpng | 1.2.18 |
| libpng | libpng | 1.2.41 |
| libpng | libpng | 1.6.6 |
| libpng | libpng | 1.2.24 |
| libpng | libpng | 1.5.5 |
| libpng | libpng | 1.5.1 |
| libpng | libpng | 1.6.0 |
| libpng | libpng | 1.5.14 |
| libpng | libpng | 1.4.15 |
| libpng | libpng | 1.6.5 |
| libpng | libpng | 1.2.51 |
| libpng | libpng | 1.4.3 |
| libpng | libpng | 1.4.6 |
| libpng | libpng | 1.4.1 |
| libpng | libpng | 1.6.18 |
| libpng | libpng | 1.6.15 |
| libpng | libpng | 1.6.3 |
| libpng | libpng | 1.2.32 |
| libpng | libpng | 1.4.4 |
| libpng | libpng | 1.2.23 |
| libpng | libpng | 1.5.8 |
| libpng | libpng | 1.5.18 |
| libpng | libpng | 1.2.42 |
| libpng | libpng | 1.4.10 |
| libpng | libpng | 1.2.15 |
| libpng | libpng | 1.4.14 |
| libpng | libpng | 1.5.21 |
| libpng | libpng | 1.6.4 |
| libpng | libpng | 1.2.29 |
| libpng | libpng | 1.5.16 |
| libpng | libpng | 1.4.7 |
| libpng | libpng | 1.6.12 |
| libpng | libpng | 1.6.14 |
| libpng | libpng | 1.2.39 |
| libpng | libpng | 1.4.0 |
| libpng | libpng | 1.5.11 |
| libpng | libpng | 1.0.64 |
| libpng | libpng | 1.5.15 |
| libpng | libpng | 1.6.17 |
| libpng | libpng | 1.2.4 |
| libpng | libpng | 1.2.27 |
| libpng | libpng | 1.4.8 |
| libpng | libpng | 1.2.31 |
| libpng | libpng | 1.5.12 |
| libpng | libpng | 1.2.13 |
| libpng | libpng | 1.6.8 |
| libpng | libpng | 1.2.21 |
| libpng | libpng | 1.2.3 |
| libpng | libpng | 1.5.6 |
| libpng | libpng | 1.4.11 |
| libpng | libpng | 1.2.43 |
| libpng | libpng | 1.5.2 |
| libpng | libpng | 1.5.20 |
| libpng | libpng | 1.5.4 |
| libpng | libpng | 1.2.2 |
| libpng | libpng | 1.5.7 |
| libpng | libpng | 1.2.10 |
| libpng | libpng | 1.2.28 |
| libpng | libpng | 1.2.37 |
| libpng | libpng | 1.2.35 |
| libpng | libpng | 1.2.53 |
| libpng | libpng | 1.2.45 |
| libpng | libpng | 1.2.54 |
| libpng | libpng | 1.2.46 |
| libpng | libpng | 1.2.20 |
| libpng | libpng | 1.2.30 |
| libpng | libpng | 1.6.1 |
| libpng | libpng | 1.4.17 |
| libpng | libpng | 1.6.2 |
| libpng | libpng | 1.5.13 |
| libpng | libpng | 1.6.16 |
| libpng | libpng | 1.2.44 |
| libpng | libpng | 1.5.17 |
| libpng | libpng | 1.2.22 |
| libpng | libpng | 1.5.23 |
| libpng | libpng | 1.4.5 |
| libpng | libpng | 1.2.14 |
| libpng | libpng | 1.2.25 |
| libpng | libpng | 1.5.22 |
| libpng | libpng | 1.6.13 |
| libpng | libpng | 1.5.3 |
| libpng | libpng | 1.2.0 |
| libpng | libpng | 1.2.26 |
| libpng | libpng | 1.6.19 |
| libpng | libpng | 1.2.17 |
| libpng | libpng | 1.2.50 |
| libpng | libpng | 1.6.10 |
| libpng | libpng | 1.2.19 |
| libpng | libpng | 1.2.49 |
| libpng | libpng | 1.2.11 |
| libpng | libpng | 1.6.7 |
| libpng | libpng | 1.2.52 |
| libpng | libpng | 1.4.9 |
| libpng | libpng | 1.4.16 |
| libpng | libpng | 1.2.1 |
| libpng | libpng | 1.2.38 |
| libpng | libpng | 1.6.9 |
| libpng | libpng | 1.2.40 |
| libpng | libpng | 1.5.10 |
| libpng | libpng | 1.2.34 |
| libpng | libpng | 1.6.11 |
| libpng | libpng | 1.4.2 |
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | 1.4.13 |
| libpng | libpng | 1.2.47 |
| libpng | libpng | 1.2.55 |
| libpng | libpng | 1.5.19 |
| libpng | libpng | 1.0.11 |
| libpng | libpng | 1.2.16 |
| libpng | libpng | 1.2.48 |
| libpng | libpng | 1.2.12 |
| libpng | libpng | 1.0.13 |
| libpng | libpng | 1.2.5 |
| libpng | libpng | 1.0.40 |
| libpng | libpng | 1.2.36 |
| libpng | libpng | 1.4.12 |
| debian | debian_linux | 6.0 |
| libpng | libpng | 1.5.24 |
| libpng | libpng | 1.2.33 |
| libpng | libpng | 1.5.9 |
| libpng | libpng | 1.0.0 |
| libpng | libpng | 1.0.3 |
| libpng | libpng | 1.0.41 |
| libpng | libpng | 1.0.15 |
| libpng | libpng | 1.2.18 |
| libpng | libpng | 1.2.41 |
| libpng | libpng | 1.0.27 |
| redhat | enterprise_linux_workstation_supplementary | 6.0 |
| libpng | libpng | 1.0.32 |
| libpng | libpng | 1.0.51 |
| libpng | libpng | 1.2.24 |
| libpng | libpng | 1.5.5 |
| libpng | libpng | 1.0.46 |
| libpng | libpng | 1.5.1 |
| libpng | libpng | 1.0.2 |
| libpng | libpng | 1.0.28 |
| libpng | libpng | 1.5.14 |
| libpng | libpng | 1.4.15 |
| libpng | libpng | 1.5.25 |
| libpng | libpng | 1.2.51 |
| redhat | enterprise_linux_hpc_node | 6.0 |
| libpng | libpng | 1.4.3 |
| libpng | libpng | 1.4.6 |
| redhat | enterprise_linux_server_supplementary | 5.0 |
| libpng | libpng | 1.2.9 |
| libpng | libpng | 1.4.1 |
| libpng | libpng | 1.0.63 |
| libpng | libpng | 1.0.24 |
| libpng | libpng | 1.0.44 |
| libpng | libpng | 1.2.32 |
| libpng | libpng | 1.4.4 |
| libpng | libpng | 1.2.23 |
| libpng | libpng | 1.5.8 |
| libpng | libpng | 1.5.18 |
| libpng | libpng | 1.0.48 |
| libpng | libpng | 1.2.42 |
| libpng | libpng | 1.4.10 |
| libpng | libpng | 1.2.15 |
| libpng | libpng | 1.4.14 |
| libpng | libpng | 1.5.21 |
| libpng | libpng | 1.2.29 |
| libpng | libpng | 1.0.38 |
| libpng | libpng | 1.5.16 |
| libpng | libpng | 1.4.7 |
| libpng | libpng | 1.0.7 |
| libpng | libpng | 1.0.12 |
| libpng | libpng | 1.0.55 |
| libpng | libpng | 1.0.31 |
| libpng | libpng | 1.0.50 |
| libpng | libpng | 1.2.39 |
| libpng | libpng | 1.4.0 |
| libpng | libpng | 1.5.11 |
| libpng | libpng | 1.0.64 |
| libpng | libpng | 1.5.15 |
| libpng | libpng | 1.2.4 |
| libpng | libpng | 1.2.27 |
| libpng | libpng | 1.4.8 |
| libpng | libpng | 1.2.31 |
| libpng | libpng | 1.5.12 |
| libpng | libpng | 1.2.13 |
| libpng | libpng | 1.0.52 |
| libpng | libpng | 1.0.54 |
| libpng | libpng | 1.2.7 |
| libpng | libpng | 1.0.21 |
| libpng | libpng | 1.0.53 |
| libpng | libpng | 1.5.0 |
| redhat | enterprise_linux_server_supplementary | 6.0 |
| libpng | libpng | 1.0.34 |
| libpng | libpng | 1.2.21 |
| libpng | libpng | 1.0.35 |
| libpng | libpng | 1.2.3 |
| libpng | libpng | 1.5.6 |
| libpng | libpng | 1.4.11 |
| libpng | libpng | 1.0.33 |
| libpng | libpng | 1.3.0 |
| libpng | libpng | 1.2.43 |
| libpng | libpng | 1.5.2 |
| libpng | libpng | 1.0.62 |
| fedoraproject | fedora | 23 |
| libpng | libpng | 1.5.20 |
| libpng | libpng | 1.0.65 |
| libpng | libpng | 1.0.30 |
| libpng | libpng | 1.5.4 |
| libpng | libpng | 1.0.26 |
| libpng | libpng | 1.0.56 |
| libpng | libpng | 1.2.2 |
| libpng | libpng | 1.5.7 |
| libpng | libpng | 0.97 |
| libpng | libpng | 1.2.10 |
| libpng | libpng | 1.2.28 |
| libpng | libpng | 1.0.19 |
| libpng | libpng | 1.2.37 |
| libpng | libpng | 1.2.35 |
| libpng | libpng | 1.0.45 |
| libpng | libpng | 1.0.22 |
| libpng | libpng | 1.0.61 |
| libpng | libpng | 1.0.59 |
| libpng | libpng | 0.96 |
| libpng | libpng | 1.0.5 |
| libpng | libpng | 1.2.53 |
| libpng | libpng | 1.2.45 |
| libpng | libpng | 1.2.54 |
| libpng | libpng | 1.0.20 |
| libpng | libpng | 1.2.46 |
| libpng | libpng | 1.2.20 |
| libpng | libpng | 1.2.30 |
| libpng | libpng | 1.0.8 |
| libpng | libpng | 1.0.39 |
| libpng | libpng | 1.4.17 |
| libpng | libpng | 1.0.25 |
| libpng | libpng | 1.5.13 |
| libpng | libpng | 1.4.18 |
| redhat | enterprise_linux_desktop_supplementary | 6.0 |
| libpng | libpng | 1.2.8 |
| libpng | libpng | 1.0.37 |
| libpng | libpng | 1.2.44 |
| libpng | libpng | 1.0.47 |
| libpng | libpng | 1.2.6 |
| libpng | libpng | 1.5.17 |
| libpng | libpng | 1.2.22 |
| libpng | libpng | 1.5.23 |
| libpng | libpng | 1.0.43 |
| libpng | libpng | 1.4.5 |
| libpng | libpng | 0.95 |
| libpng | libpng | 1.2.14 |
| libpng | libpng | 1.2.25 |
| libpng | libpng | 1.0.14 |
| libpng | libpng | 1.5.22 |
| libpng | libpng | 1.0.58 |
| libpng | libpng | 1.5.3 |
| libpng | libpng | 1.0.18 |
| libpng | libpng | 1.2.0 |
| libpng | libpng | 1.0.17 |
| libpng | libpng | 1.2.26 |
| libpng | libpng | 1.0.16 |
| libpng | libpng | 1.2.17 |
| libpng | libpng | 1.0.23 |
| libpng | libpng | 1.0.6 |
| libpng | libpng | 1.0.29 |
| libpng | libpng | 1.2.50 |
| libpng | libpng | 1.0.10 |
| libpng | libpng | 1.0.42 |
| libpng | libpng | 0.90 |
| libpng | libpng | 0.99 |
| libpng | libpng | 1.2.19 |
| libpng | libpng | 1.2.49 |
| libpng | libpng | 1.1.1 |
| libpng | libpng | 1.2.11 |
| libpng | libpng | 1.0.60 |
| redhat | enterprise_linux_desktop_supplementary | 5.0 |
| libpng | libpng | 1.0.9 |
| libpng | libpng | 1.0.1 |
| libpng | libpng | 1.2.52 |
| libpng | libpng | 1.4.9 |
| libpng | libpng | 1.4.16 |
| libpng | libpng | 0.98 |
| libpng | libpng | 1.2.1 |
| libpng | libpng | 1.2.38 |
| libpng | libpng | 1.2.40 |
| libpng | libpng | 1.5.10 |
| libpng | libpng | 1.2.34 |
| libpng | libpng | 1.0.57 |
| libpng | libpng | 1.4.2 |
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | 1.2.47 |
| libpng | libpng | 1.2.55 |
| libpng | libpng | 1.5.19 |
| libpng | libpng | 1.0.11 |
| libpng | libpng | 1.0.40 |
| libpng | libpng | 1.0.5c |
| libpng | libpng | 1.6.23 |
| libpng | libpng | 1.2.33 |
| libpng | libpng | 1.5.9 |
| libpng | libpng | 1.0.3 |
| libpng | libpng | 1.0.15 |
| libpng | libpng | 1.2.41 |
| libpng | libpng | 1.0.5i |
| libpng | libpng | 1.0.32 |
| libpng | libpng | 1.0.51 |
| libpng | libpng | 1.5.5 |
| libpng | libpng | 1.5.1 |
| libpng | libpng | 1.6.0 |
| libpng | libpng | 1.0.2a |
| libpng | libpng | 1.0.2 |
| libpng | libpng | 1.5.14 |
| libpng | libpng | 1.6.20 |
| libpng | libpng | 1.5.25 |
| libpng | libpng | 1.2.51 |
| libpng | libpng | 1.0.5a |
| libpng | libpng | 1.0.5d |
| libpng | libpng | 1.4.3 |
| libpng | libpng | 1.4.6 |
| libpng | libpng | 1.4.1 |
| libpng | libpng | 1.0.1d |
| libpng | libpng | 1.6.18 |
| libpng | libpng | 1.6.21 |
| libpng | libpng | 1.0.44 |
| libpng | libpng | 1.0.6d |
| libpng | libpng | 1.6.22 |
| libpng | libpng | 1.5.8 |
| libpng | libpng | 1.5.18 |
| libpng | libpng | 1.2.42 |
| libpng | libpng | 1.0.5p |
| libpng | libpng | 1.0.5q |
| libpng | libpng | 1.6.24 |
| libpng | libpng | 1.4.14 |
| libpng | libpng | 1.5.21 |
| libpng | libpng | 1.2.29 |
| libpng | libpng | 1.0.38 |
| libpng | libpng | 1.6.12 |
| libpng | libpng | 1.6.14 |
| libpng | libpng | 1.0.4b |
| libpng | libpng | 1.0.55 |
| libpng | libpng | 0.87 |
| libpng | libpng | 1.0.5s |
| libpng | libpng | 0.99f |
| libpng | libpng | 1.0.31 |
| libpng | libpng | 1.0.50 |
| libpng | libpng | 1.2.39 |
| libpng | libpng | 1.0.64 |
| libpng | libpng | 0.82 |
| libpng | libpng | 1.5.15 |
| libpng | libpng | 0.88 |
| libpng | libpng | 1.2.4 |
| libpng | libpng | 0.81 |
| libpng | libpng | 1.0.6g |
| libpng | libpng | 1.4.8 |
| libpng | libpng | 1.0.1c |
| libpng | libpng | 1.0.21 |
| libpng | libpng | 1.0.53 |
| libpng | libpng | 1.5.0 |
| libpng | libpng | 1.0.34 |
| libpng | libpng | 1.0.35 |
| libpng | libpng | 1.2.3 |
| libpng | libpng | 1.4.11 |
| libpng | libpng | 1.0.33 |
| libpng | libpng | 1.5.2 |
| libpng | libpng | 1.0.5n |
| libpng | libpng | 1.5.4 |
| libpng | libpng | 1.0.26 |
| libpng | libpng | 1.2.56 |
| libpng | libpng | 0.97 |
| libpng | libpng | 1.2.37 |
| libpng | libpng | 1.4.19 |
| libpng | libpng | 1.0.22 |
| libpng | libpng | 0.96 |
| libpng | libpng | 1.2.53 |
| libpng | libpng | 1.2.45 |
| libpng | libpng | 1.5.27 |
| libpng | libpng | 1.2.54 |
| libpng | libpng | 1.2.20 |
| libpng | libpng | 1.0.8 |
| libpng | libpng | 1.0.39 |
| libpng | libpng | 1.4.17 |
| libpng | libpng | 1.0.4f |
| libpng | libpng | 0.99g |
| libpng | libpng | 1.0.37 |
| libpng | libpng | 1.0.3d |
| libpng | libpng | 1.2.6 |
| libpng | libpng | 1.5.23 |
| libpng | libpng | 1.4.5 |
| libpng | libpng | 1.0.14 |
| libpng | libpng | 1.5.22 |
| libpng | libpng | 0.71 |
| libpng | libpng | 1.5.3 |
| libpng | libpng | 1.0.17 |
| libpng | libpng | 1.2.26 |
| libpng | libpng | 1.6.19 |
| libpng | libpng | 0.86 |
| libpng | libpng | 1.0.23 |
| libpng | libpng | 1.0.29 |
| libpng | libpng | 1.0.10 |
| libpng | libpng | 1.0.42 |
| libpng | libpng | 0.90 |
| libpng | libpng | 1.0.3b |
| libpng | libpng | 1.0.60 |
| libpng | libpng | 0.99h |
| libpng | libpng | 1.2.52 |
| libpng | libpng | 1.0.4d |
| libpng | libpng | 1.4.16 |
| libpng | libpng | 0.98 |
| libpng | libpng | 1.2.1 |
| libpng | libpng | 1.0.5m |
| libpng | libpng | 1.6.9 |
| libpng | libpng | 1.6.26 |
| libpng | libpng | 1.0.4a |
| libpng | libpng | 1.0.66 |
| libpng | libpng | 1.0.57 |
| libpng | libpng | 1.4.2 |
| libpng | libpng | 1.4.13 |
| libpng | libpng | 1.0.5e |
| libpng | libpng | 1.0.5t |
| libpng | libpng | 1.2.16 |
| libpng | libpng | 0.8 |
| libpng | libpng | 1.2.12 |
| libpng | libpng | 1.0.13 |
| libpng | libpng | 1.4.12 |
| libpng | libpng | 1.5.24 |
| libpng | libpng | 1.0.5l |
| libpng | libpng | 1.0.0 |
| libpng | libpng | 1.0.41 |
| libpng | libpng | 1.0.5b |
| libpng | libpng | 1.2.18 |
| libpng | libpng | 1.6.6 |
| libpng | libpng | 1.0.27 |
| libpng | libpng | 1.0.5o |
| libpng | libpng | 1.0.5u |
| libpng | libpng | 1.0.1e |
| libpng | libpng | 1.2.24 |
| libpng | libpng | 1.0.6f |
| libpng | libpng | 1.0.4 |
| libpng | libpng | 1.0.46 |
| libpng | libpng | 1.0.28 |
| libpng | libpng | 1.4.15 |
| libpng | libpng | 1.6.5 |
| libpng | libpng | 1.0.0a |
| libpng | libpng | 1.6.15 |
| libpng | libpng | 1.6.3 |
| libpng | libpng | 1.0.63 |
| libpng | libpng | 1.0.24 |
| libpng | libpng | 1.0.6h |
| libpng | libpng | 1.2.32 |
| libpng | libpng | 0.89 |
| libpng | libpng | 1.0.5k |
| libpng | libpng | 1.4.4 |
| libpng | libpng | 1.0.48 |
| libpng | libpng | 1.4.10 |
| libpng | libpng | 1.6.4 |
| libpng | libpng | 1.5.16 |
| libpng | libpng | 1.4.7 |
| libpng | libpng | 1.0.1b |
| libpng | libpng | 1.0.7 |
| libpng | libpng | 1.0.5f |
| libpng | libpng | 1.0.12 |
| libpng | libpng | 1.6.25 |
| libpng | libpng | 0.85 |
| libpng | libpng | 0.99a |
| libpng | libpng | 1.0.1a |
| libpng | libpng | 1.0.6e |
| libpng | libpng | 1.4.0 |
| libpng | libpng | 1.0.5r |
| libpng | libpng | 1.5.11 |
| libpng | libpng | 1.00 |
| libpng | libpng | 1.0.5v |
| libpng | libpng | 1.6.17 |
| libpng | libpng | 0.99e |
| libpng | libpng | 1.0.5j |
| libpng | libpng | 1.0.6i |
| libpng | libpng | 1.2.27 |
| libpng | libpng | 1.5.12 |
| libpng | libpng | 1.2.13 |
| libpng | libpng | 1.0.52 |
| libpng | libpng | 1.0.54 |
| libpng | libpng | 1.6.8 |
| libpng | libpng | 1.2.21 |
| libpng | libpng | 1.5.6 |
| libpng | libpng | 1.5.26 |
| libpng | libpng | 1.0.62 |
| libpng | libpng | 1.5.20 |
| libpng | libpng | 1.0.65 |
| libpng | libpng | 1.0.6j |
| libpng | libpng | 1.0.30 |
| libpng | libpng | 1.0.56 |
| libpng | libpng | 0.99d |
| libpng | libpng | 1.0.5g |
| libpng | libpng | 1.5.7 |
| libpng | libpng | 1.2.10 |
| libpng | libpng | 1.0.19 |
| libpng | libpng | 1.0.3a |
| libpng | libpng | 1.2.35 |
| libpng | libpng | 1.0.45 |
| libpng | libpng | 1.0.61 |
| libpng | libpng | 1.0.59 |
| libpng | libpng | 1.0.5 |
| libpng | libpng | 1.0.4e |
| libpng | libpng | 1.0.20 |
| libpng | libpng | 1.2.46 |
| libpng | libpng | 1.6.1 |
| libpng | libpng | 1.0.25 |
| libpng | libpng | 1.6.2 |
| libpng | libpng | 1.5.13 |
| libpng | libpng | 1.6.16 |
| libpng | libpng | 1.4.18 |
| libpng | libpng | 1.2.8 |
| libpng | libpng | 1.2.44 |
| libpng | libpng | 1.0.47 |
| libpng | libpng | 1.5.17 |
| libpng | libpng | 1.2.22 |
| libpng | libpng | 1.0.43 |
| libpng | libpng | 0.95 |
| libpng | libpng | 1.2.14 |
| libpng | libpng | 1.2.25 |
| libpng | libpng | 1.6.13 |
| libpng | libpng | 1.0.58 |
| libpng | libpng | 1.0.18 |
| libpng | libpng | 1.2.0 |
| libpng | libpng | 1.0.5h |
| libpng | libpng | 1.0.16 |
| libpng | libpng | 0.99c |
| libpng | libpng | 0.89c |
| libpng | libpng | 0.99b |
| libpng | libpng | 1.0.6 |
| libpng | libpng | 1.2.50 |
| libpng | libpng | 1.6.10 |
| libpng | libpng | 0.99 |
| libpng | libpng | 1.0.4c |
| libpng | libpng | 1.0.9 |
| libpng | libpng | 1.6.7 |
| libpng | libpng | 1.0.1 |
| libpng | libpng | 1.4.9 |
| libpng | libpng | 1.2.38 |
| libpng | libpng | 1.0.0b |
| libpng | libpng | 1.5.10 |
| libpng | libpng | 1.6.11 |
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 5.0.1 | |
| android | 5.0 | |
| android | 4.0 | |
| android | 6.0.1 | |
| libpng | libpng | * |
| android | 4.0.1 | |
| android | 4.1.2 | |
| android | 4.2 | |
| android | 4.4.1 | |
| android | 6.0 | |
| android | 4.4 | |
| android | 4.3.1 | |
| android | 5.1 | |
| android | 4.1 | |
| android | 4.0.3 | |
| android | 4.2.2 | |
| android | 4.3 | |
| android | 4.4.3 | |
| android | 4.4.2 | |
| android | 4.0.4 | |
| android | 5.1.0 | |
| android | 4.0.2 | |
| android | 4.2.1 |
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| libpng | libpng | * |
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_workstation | 7.0 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| canonical | ubuntu_linux | 17.10 |
| libpng | libpng | 1.6.34 |
| oracle | jre | 11.0.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.6.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| canonical | ubuntu_linux | 14.04 |
| oracle | jdk | 1.6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| oracle | jre | 1.8.0 |
| canonical | ubuntu_linux | 18.04 |
| oracle | jre | 1.7.0 |
| oracle | jdk | 1.8.0 |
| oracle | jdk | 11.0.0 |
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| libpng | libpng | 1.6.34 |
| oracle | jre | 11.0.0 |
| oracle | jre | 1.8.0 |
| oracle | jre | 1.7.0 |
| oracle | jdk | 1.7.0 |
| oracle | jdk | 1.8.0 |
| oracle | jdk | 11.0.0 |
| oracle | jre | 1.6.0 |
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| libpng | libpng | 1.6.35 |
| oracle | mysql_workbench | * |
| netapp | oncommand_api_services | - |
| oracle | hyperion_infrastructure_technology | 11.1.2.6.0 |
png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | 1.6.36 |
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.6 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| netapp | cloud_backup | - |
| netapp | e-series_santricity_management | - |
| netapp | active_iq_unified_manager | 9.6 |
| netapp | plug-in_for_symantec_netbackup | - |
| netapp | oncommand_insight | * |
| redhat | enterprise_linux_for_scientific_computing | 7.0 |
| canonical | ubuntu_linux | 19.04 |
| redhat | enterprise_linux_workstation | 7.0 |
| netapp | e-series_santricity_unified_manager | * |
| hpe | xp7_command_view_advanced_edition_suite | * |
| oracle | jdk | 12.0.1 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_for_power_big_endian | 6.0 |
| oracle | java_se | 7u221 |
| redhat | enterprise_linux_for_power_big_endian | 7.0 |
| hp | xp7_command_view | * |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_for_scientific_computing | 6.0 |
| redhat | enterprise_linux | 6.0 |
| mozilla | thunderbird | - |
| canonical | ubuntu_linux | 16.04 |
| netapp | active_iq_unified_manager | * |
| redhat | enterprise_linux_desktop | 7.0 |
| libpng | libpng | * |
| mozilla | firefox | - |
| opensuse | leap | 42.3 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0 |
| netapp | oncommand_workflow_automation | * |
| redhat | enterprise_linux_for_ibm_z_systems | 6.0 |
| netapp | steelstore | - |
| oracle | jdk | 11.0.3 |
| canonical | ubuntu_linux | 18.10 |
| redhat | satellite | 5.8 |
| canonical | ubuntu_linux | 18.04 |
| netapp | e-series_santricity_storage_manager | * |
| oracle | java_se | 8u212 |
| oracle | mysql | * |
| opensuse | leap | 15.0 |
| redhat | enterprise_linux_for_power_little_endian | 7.0 |
| oracle | hyperion_infrastructure_technology | 11.2.6.0 |
| netapp | e-series_santricity_web_services | * |
| opensuse | package_hub | - |
| redhat | enterprise_linux_for_ibm_z_systems | 7.0 |
| redhat | enterprise_linux | 7.0 |
| opensuse | leap | 15.1 |
| netapp | snapmanager | * |
| netapp | snapmanager | 3.4.2 |
| redhat | enterprise_linux_for_power_little_endian | 8.0 |
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | extra_packages_for_enterprise_linux | 7.0 |
| fedoraproject | fedora | 31 |
| fedoraproject | fedora | 33 |
| debian | debian_linux | 9.0 |
| fedoraproject | fedora | 32 |
| fedoraproject | fedora | 34 |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| libpng | pngcheck | 2.4.0 |
A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| libpng | pngcheck | 2.4.0 |
A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| netapp | ontap_select_deploy_administration_utility | - |
| debian | debian_linux | 11.0 |
| libpng | libpng | 1.6.0 |
A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | 1.6.38 |
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | * |
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | * |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H | 1.8 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | * |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H | 1.8 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | * |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H | 2.8 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | * |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H | 1.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | * |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H | 2.8 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | * |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H | 1.8 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | * |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 6.8 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H | 2.5 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | * |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | * |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr->trans_alpha = info_ptr->trans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr->palette = png_ptr->palette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | * |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H | 2.8 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libpng | libpng | * |