) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:libpng:libpng:1.5.20:beta
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2015-8540 |
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. Published: April 14, 2016; 10:59:03 AM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
| CVE-2014-9495 |
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image. Published: January 10, 2015; 2:59:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
| CVE-2013-6954 |
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. Published: January 12, 2014; 1:34:55 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |