Libpng

Libpng

48 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2013-7353

  • EPSS 0.41%
  • Veröffentlicht 06.05.2014 14:55:05
  • Zuletzt bearbeitet 09.06.2025 16:15:23

Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based b...

5

CVE-2014-0333

  • EPSS 0.76%
  • Veröffentlicht 27.02.2014 20:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.

5

CVE-2013-6954

Exploit
  • EPSS 3.55%
  • Veröffentlicht 12.01.2014 18:34:55
  • Zuletzt bearbeitet 10.06.2025 14:15:22

The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset...

4.3

CVE-2012-3425

  • EPSS 1.25%
  • Veröffentlicht 13.08.2012 20:55:09
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value ...

7.5

CVE-2011-3464

  • EPSS 1.88%
  • Veröffentlicht 22.07.2012 17:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigge...

6.8

CVE-2011-3048

  • EPSS 16.63%
  • Veröffentlicht 29.05.2012 20:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk i...

6.8

CVE-2011-3045

  • EPSS 7.72%
  • Veröffentlicht 22.03.2012 16:55:01
  • Zuletzt bearbeitet 09.06.2025 16:15:22

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly exe...

5

CVE-2009-5063

  • EPSS 0.47%
  • Veröffentlicht 31.08.2011 23:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative ...

5

CVE-2006-7244

  • EPSS 0.42%
  • Veröffentlicht 31.08.2011 23:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embe...

8.8

CVE-2011-2692

Exploit
  • EPSS 7.1%
  • Veröffentlicht 17.07.2011 20:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory...