Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Libpng Subscribe
Filtered by product Libpng
Total 44 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-3045 6 Debian, Fedoraproject, Google and 3 more 13 Debian Linux, Fedora, Chrome and 10 more 2020-04-14 6.8 MEDIUM N/A
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
CVE-2008-5907 2 Debian, Libpng 2 Debian Linux, Libpng 2018-11-08 5.0 MEDIUM N/A
The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.
CVE-2012-3425 5 Canonical, Debian, Libpng and 2 more 5 Ubuntu Linux, Debian Linux, Libpng and 2 more 2018-10-30 4.3 MEDIUM N/A
The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.
CVE-2007-5268 2 Canonical, Libpng 2 Ubuntu Linux, Libpng 2018-10-26 4.3 MEDIUM N/A
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.
CVE-2007-5266 1 Libpng 1 Libpng 2018-10-26 4.3 MEDIUM N/A
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated.
CVE-2007-5269 1 Libpng 1 Libpng 2018-10-15 5.0 MEDIUM N/A
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.
CVE-2007-5267 1 Libpng 1 Libpng 2018-10-15 4.3 MEDIUM N/A
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.
CVE-2009-0040 1 Libpng 1 Libpng 2018-10-11 6.8 MEDIUM N/A
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
CVE-2008-6218 1 Libpng 1 Libpng 2018-10-11 7.1 HIGH N/A
Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.
CVE-2008-1382 1 Libpng 1 Libpng 2018-10-11 7.5 HIGH N/A
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
CVE-2013-6954 1 Libpng 1 Libpng 2018-01-04 5.0 MEDIUM N/A
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
CVE-2011-3048 1 Libpng 1 Libpng 2017-12-28 6.8 MEDIUM N/A
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
CVE-2015-8472 2 Apple, Libpng 2 Mac Os X, Libpng 2017-11-03 7.5 HIGH 7.3 HIGH
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
CVE-2011-0408 1 Libpng 1 Libpng 2017-08-16 6.8 MEDIUM N/A
pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information.
CVE-2009-2042 1 Libpng 1 Libpng 2017-08-16 4.3 MEDIUM N/A
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.
CVE-2015-7981 4 Canonical, Debian, Libpng and 1 more 10 Ubuntu Linux, Debian Linux, Libpng and 7 more 2017-06-30 5.0 MEDIUM N/A
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
CVE-2013-7353 1 Libpng 1 Libpng 2016-12-30 5.0 MEDIUM N/A
Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.
CVE-2013-7354 1 Libpng 1 Libpng 2016-12-30 5.0 MEDIUM N/A
Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.
CVE-2015-0973 3 Apple, Libpng, Oracle 3 Mac Os X, Libpng, Solaris 2016-10-20 7.5 HIGH N/A
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
CVE-2014-9495 2 Apple, Libpng 2 Mac Os X, Libpng 2016-10-17 10.0 HIGH N/A
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.