VYPR

Vendor CVEs

Libpng

All CVEs

66 total · sorted by risk
  • CVE-2008-3964Sep 11, 2008
    risk 0.00cvss epss 0.03

    Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function…

  • CVE-2008-1382Apr 14, 2008
    risk 0.00cvss epss 0.06

    libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of…

  • CVE-2007-5267Oct 8, 2007
    risk 0.00cvss epss 0.02

    Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.

  • CVE-2007-5266Oct 8, 2007
    risk 0.00cvss epss 0.03

    Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL…

  • CVE-2007-5268Oct 8, 2007
    risk 0.00cvss epss 0.03

    pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.

  • CVE-2007-5269Oct 8, 2007
    risk 0.00cvss epss 0.05

    Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT…

  • CVE-2007-2445May 16, 2007
    risk 0.00cvss epss 0.05

    The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.

  • CVE-2006-5793Nov 17, 2006
    risk 0.00cvss epss 0.02

    The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds…

  • CVE-2006-3334Jun 30, 2006
    risk 0.00cvss epss 0.04

    Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the…

  • CVE-2006-0481Jan 31, 2006
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image.

  • CVE-2004-0599Nov 23, 2004
    risk 0.00cvss epss 0.06

    Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed…

  • CVE-2004-0768Oct 20, 2004
    risk 0.00cvss epss 0.03

    libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.

  • CVE-2004-0421Aug 18, 2004
    risk 0.00cvss epss 0.04

    The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

  • CVE-2002-1363Dec 26, 2002
    risk 0.00cvss epss 0.06

    Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.

  • CVE-2002-0728Aug 12, 2002
    risk 0.00cvss epss 0.02

    Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.

  • CVE-2002-0660Aug 12, 2002
    risk 0.00cvss epss 0.03

    Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.

Page 2 of 2