Libpng
by Pnggroup
Source repositories
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-3334 | 0.00 | — | 0.04 | Jun 30, 2006 | Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the… | |||
| CVE-2006-0481 | 0.00 | — | 0.03 | Jan 31, 2006 | Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image. | |||
| CVE-2004-0598 | 0.00 | — | 0.06 | Nov 23, 2004 | The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference. | |||
| CVE-2004-0599 | 0.00 | — | 0.06 | Nov 23, 2004 | Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed… | |||
| CVE-2004-0768 | 0.00 | — | 0.03 | Oct 20, 2004 | libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack. | |||
| CVE-2002-1363 | 0.00 | — | 0.06 | Dec 26, 2002 | Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers. | |||
| CVE-2002-0660 | 0.00 | — | 0.03 | Aug 12, 2002 | Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728. | |||
| CVE-2002-0728 | 0.00 | — | 0.02 | Aug 12, 2002 | Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk. |
- CVE-2006-3334Jun 30, 2006risk 0.00cvss —epss 0.04
Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the…
- CVE-2006-0481Jan 31, 2006risk 0.00cvss —epss 0.03
Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image.
- CVE-2004-0598Nov 23, 2004risk 0.00cvss —epss 0.06
The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.
- CVE-2004-0599Nov 23, 2004risk 0.00cvss —epss 0.06
Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed…
- CVE-2004-0768Oct 20, 2004risk 0.00cvss —epss 0.03
libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
- CVE-2002-1363Dec 26, 2002risk 0.00cvss —epss 0.06
Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.
- CVE-2002-0660Aug 12, 2002risk 0.00cvss —epss 0.03
Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.
- CVE-2002-0728Aug 12, 2002risk 0.00cvss —epss 0.02
Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.
Page 2 of 2