VYPR

Vendor CVEs

Libpng

All CVEs

66 total · sorted by risk
  • CVE-2010-1205CriJun 30, 2010
    risk 0.70cvss 9.8epss 0.43

    Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

  • CVE-2015-8540HigApr 14, 2016
    risk 0.58cvss 8.8epss 0.06

    Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a…

  • CVE-2015-0973HigJan 18, 2015
    risk 0.58cvss 8.8epss 0.04

    Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

  • CVE-2014-9495HigJan 10, 2015
    risk 0.58cvss 8.8epss 0.04

    Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

  • CVE-2011-2692HigJul 17, 2011
    risk 0.58cvss 8.8epss 0.04

    The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application…

  • CVE-2011-3045HigMar 22, 2012
    risk 0.57cvss 8.8epss 0.04

    Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a…

  • CVE-2011-2690HigJul 17, 2011
    risk 0.57cvss 8.8epss 0.03

    Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary…

  • CVE-2016-3751HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.00

    Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem…

  • CVE-2016-10087HigJan 30, 2017
    risk 0.49cvss 7.5epss 0.06

    The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure,…

  • CVE-2015-8472HigJan 21, 2016
    risk 0.48cvss 7.3epss 0.06

    Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified…

  • CVE-2018-13785MedJul 9, 2018
    risk 0.43cvss 6.5epss 0.04

    In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

  • CVE-2013-6954MedJan 12, 2014
    risk 0.43cvss 6.5epss 0.05

    The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.

  • CVE-2011-2691MedJul 17, 2011
    risk 0.43cvss 6.5epss 0.04

    The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service…

  • CVE-2011-2501MedJul 17, 2011
    risk 0.43cvss 6.5epss 0.03

    The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during…

  • CVE-2026-33636HigMar 26, 2026
    risk 0.42cvss 7.6epss 0.01

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path.…

  • CVE-2026-33416HigMar 26, 2026
    risk 0.42cvss 7.5epss 0.01

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`,…

  • CVE-2018-14048MedJul 13, 2018
    risk 0.42cvss 6.5epss 0.03

    An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.

  • CVE-2013-7354MedMay 6, 2014
    risk 0.42cvss 6.5epss 0.02

    Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.

  • CVE-2013-7353MedMay 6, 2014
    risk 0.42cvss 6.5epss 0.02

    Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.

  • CVE-2010-2249MedJun 30, 2010
    risk 0.42cvss 6.5epss 0.03

    Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

  • CVE-2019-7317MedFeb 4, 2019
    risk 0.27cvss 5.3epss 0.09

    png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

  • CVE-2026-34757MedApr 9, 2026
    risk 0.26cvss 5.1epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter…

  • CVE-2004-0597Nov 23, 2004
    risk 0.10cvss epss 0.83

    Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or…

  • CVE-2015-7981Nov 24, 2015
    risk 0.01cvss epss 0.06

    The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

  • CVE-2015-8126Nov 13, 2015
    risk 0.01cvss epss 0.10

    Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application…

  • CVE-2011-3048May 29, 2012
    risk 0.01cvss epss 0.07

    The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which…

  • CVE-2026-25646Feb 10, 2026
    risk 0.00cvss epss 0.01

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no…

  • CVE-2025-28164Jan 27, 2026
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.

  • CVE-2025-28162Jan 27, 2026
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become…

  • CVE-2026-22801Jan 12, 2026
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and…

  • CVE-2026-22695Jan 12, 2026
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing…

  • CVE-2025-66293Dec 3, 2025
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the…

  • CVE-2025-65018Nov 24, 2025
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function…

  • CVE-2025-64720Nov 24, 2025
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images…

  • CVE-2025-64506Nov 24, 2025
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing…

  • CVE-2025-64505Nov 24, 2025
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with…

  • CVE-2021-4214Aug 24, 2022
    risk 0.00cvss epss 0.01

    A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.

  • CVE-2017-12652Jul 10, 2019
    risk 0.00cvss epss 0.04

    libpng before 1.6.32 does not properly check the length of chunks against the user limit.

  • CVE-2014-0333Feb 27, 2014
    risk 0.00cvss epss 0.03

    The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.

  • CVE-2012-3425Aug 13, 2012
    risk 0.00cvss epss 0.03

    The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.

  • CVE-2011-3464Jul 22, 2012
    risk 0.00cvss epss 0.03

    Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer…

  • CVE-2011-3328Jan 17, 2012
    risk 0.00cvss epss 0.04

    The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain…

  • CVE-2009-5063Aug 31, 2011
    risk 0.00cvss epss 0.01

    Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. …

  • CVE-2006-7244Aug 31, 2011
    risk 0.00cvss epss 0.01

    Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length.

  • CVE-2011-0408Jan 18, 2011
    risk 0.00cvss epss 0.06

    pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the…

  • CVE-2010-0205Mar 3, 2010
    risk 0.00cvss epss 0.04

    The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to…

  • CVE-2009-2042Jun 12, 2009
    risk 0.00cvss epss 0.02

    libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via…

  • CVE-2009-0040Feb 22, 2009
    risk 0.00cvss epss 0.05

    The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers…

  • CVE-2008-6218Feb 20, 2009
    risk 0.00cvss epss 0.02

    Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.

  • CVE-2008-5907Jan 15, 2009
    risk 0.00cvss epss 0.03

    The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an…

Page 1 of 2