Libpng

Libpng

44 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2015-8472

  • EPSS 3.2%
  • Published 21.01.2016 15:59:00
  • Last modified 12.04.2025 10:46:40

Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or ...

5

CVE-2015-7981

Exploit
  • EPSS 0.93%
  • Published 24.11.2015 20:59:15
  • Last modified 12.04.2025 10:46:40

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which trigge...

7.5

CVE-2015-8126

  • EPSS 4.95%
  • Published 13.11.2015 03:59:05
  • Last modified 12.04.2025 10:46:40

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a den...

7.5

CVE-2015-0973

Exploit
  • EPSS 2.01%
  • Published 18.01.2015 18:59:03
  • Last modified 09.06.2025 16:15:24

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-94...

10

CVE-2014-9495

  • EPSS 2.53%
  • Published 10.01.2015 19:59:00
  • Last modified 09.06.2025 16:15:24

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

5

CVE-2013-7354

  • EPSS 0.57%
  • Published 06.05.2014 14:55:05
  • Last modified 09.06.2025 16:15:24

Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.

5

CVE-2013-7353

  • EPSS 0.41%
  • Published 06.05.2014 14:55:05
  • Last modified 09.06.2025 16:15:23

Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based b...

5

CVE-2014-0333

  • EPSS 1.83%
  • Published 27.02.2014 20:55:04
  • Last modified 12.04.2025 10:46:40

The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.

5

CVE-2013-6954

Exploit
  • EPSS 3.55%
  • Published 12.01.2014 18:34:55
  • Last modified 10.06.2025 14:15:22

The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset...

4.3

CVE-2012-3425

  • EPSS 1.64%
  • Published 13.08.2012 20:55:09
  • Last modified 11.04.2025 00:51:21

The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value ...