National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): libpng
There are 67 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-17371

libpng 1.6.37 has memory leaks in png_malloc_warn and png_create_info_struct.

Published: October 09, 2019; 09:15:14 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-9423

In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616

Published: September 27, 2019; 03:15:28 PM -04:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-14373

An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a heap-based buffer over-read in libpng via a crafted flif file.

Published: July 28, 2019; 03:15:11 PM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-12652

libpng before 1.6.32 does not properly check the length of chunks against the user limit.

Published: July 10, 2019; 11:15:10 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-14550

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.

Published: July 10, 2019; 08:15:10 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-7317

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Published: February 04, 2019; 03:29:00 AM -05:00
V3.0: 5.3 MEDIUM
    V2: 2.6 LOW
CVE-2019-6129

** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."

Published: January 11, 2019; 12:29:01 AM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-3572

An issue was discovered in libming 0.4.8. There is a heap-based buffer over-read in the function writePNG in the file util/dbl2png.c of the dbl2png command-line program. Because this is associated with an erroneous call to png_write_row in libpng, an out-of-bounds write might occur for some memory layouts.

Published: January 02, 2019; 10:29:00 AM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-14876

An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng error concerning the IHDR image width.

Published: August 02, 2018; 08:29:00 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-14048

An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.

Published: July 13, 2018; 12:29:00 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-13785

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

Published: July 09, 2018; 09:29:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10424

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, SD 820A, SD 835, SD 845, and SD 850, upgrading LibPNG from 1.6.12 to 1.6.21 fixes multiple issues with different CWEs.

Published: April 18, 2018; 10:29:10 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2016-5735

Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow.

Published: May 23, 2017; 12:29:01 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-10087

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.

Published: January 30, 2017; 05:59:00 PM -05:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2016-3751

Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.

Published: July 10, 2016; 09:59:51 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.5 HIGH
CVE-2015-8540

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

Published: April 14, 2016; 10:59:03 AM -04:00
V3.0: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2015-8472

Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.

Published: January 21, 2016; 10:59:00 AM -05:00
V3.0: 7.3 HIGH
    V2: 7.5 HIGH
CVE-2015-7981

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

Published: November 24, 2015; 03:59:15 PM -05:00
    V2: 5.0 MEDIUM
CVE-2015-8126

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

Published: November 12, 2015; 10:59:05 PM -05:00
    V2: 7.5 HIGH
CVE-2015-0973

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

Published: January 18, 2015; 01:59:03 PM -05:00
    V2: 7.5 HIGH