Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*
There are 27 matching records.
Displaying matches 21 through 27.
Vuln ID Summary CVSS Severity
CVE-2010-1205

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

Published: June 30, 2010; 2:30:01 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2010-0205

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.

Published: March 03, 2010; 2:30:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-2042

libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.

Published: June 12, 2009; 4:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-0040

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.

Published: February 22, 2009; 5:30:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2008-6218

Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.

Published: February 20, 2009; 12:30:03 PM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2008-5907

The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.

Published: January 15, 2009; 12:30:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2008-3964

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.

Published: September 10, 2008; 9:13:47 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM