This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Libpng First view 2007-10-08
Product Libpng Last view 2019-07-10
Version 1.0.0a Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:libpng:libpng

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
9.8 2019-07-10 CVE-2017-12652

libpng before 1.6.32 does not properly check the length of chunks against the user limit.

7.5 2017-01-30 CVE-2016-10087

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.

7.8 2016-07-10 CVE-2016-3751

Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.

7.5 2015-11-12 CVE-2015-8126

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

7.5 2015-01-18 CVE-2015-0973

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

10 2015-01-10 CVE-2014-9495

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

5 2014-05-06 CVE-2013-7354

Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.

5 2014-05-06 CVE-2013-7353

Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.

5 2014-01-12 CVE-2013-6954

The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.

6.8 2012-03-22 CVE-2011-3045

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

5 2011-08-31 CVE-2009-5063

Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.

5 2011-08-31 CVE-2006-7244

Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length.

8.8 2011-07-17 CVE-2011-2692

The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.

6.5 2011-07-17 CVE-2011-2691

The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.

8.8 2011-07-17 CVE-2011-2690

Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.

6.5 2011-07-17 CVE-2011-2501

The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.

5 2010-06-30 CVE-2010-2249

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

7.5 2010-06-30 CVE-2010-1205

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

4.3 2010-03-03 CVE-2010-0205

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.

4.3 2009-06-12 CVE-2009-2042

libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.

6.8 2009-02-22 CVE-2009-0040

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.

5 2009-01-15 CVE-2008-5907

The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.

4.3 2008-09-10 CVE-2008-3964

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.

5 2007-10-08 CVE-2007-5269

Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.

4.3 2007-10-08 CVE-2007-5268

pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.

CWE : Common Weakness Enumeration

%idName
21% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
17% (4) CWE-399 Resource Management Errors
17% (4) CWE-189 Numeric Errors
8% (2) CWE-476 NULL Pointer Dereference
8% (2) CWE-20 Improper Input Validation
4% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
4% (1) CWE-200 Information Exposure
4% (1) CWE-190 Integer Overflow or Wraparound
4% (1) CWE-125 Out-of-bounds Read
4% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
4% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Open Source Vulnerability Database (OSVDB)

id Description
75210 libpng pngwutil.c JPEG Image iCCP Chunk Memory Leak DoS
74757 libpng Unspecified Issue
73984 libpng png_rgb_to_gray Function PNG File Handling Overflow
73983 libpng pngerror.c png_err Function NULL Argument PNG File Handling DoS
73982 libpng pngrutil.c png_handle_sCAL Function PNG File Handling Memory Corruptio...
73493 libpng pngerror.c png_format_buffer() Off-by-one PNG Image Handling Remote DoS
66600 Mozilla Multiple Products PNG File Handling Overflow
65853 libpng pngrutil.c sCAL Chunk Memory Corruption DoS
65852 libpng pngpread.c PNG Image Data Height Overflow
62670 libpng pngrutil.c png_decompress_chunk Function Ancillary Chunks PNG File Dec...
54915 libpng 1-bit Interlaced Image Handling Memory Disclosure
53317 libpng 16-bit Gamma Table Handling Uninitialised Pointer Free Arbitrary Code ...
53316 libpng pCAL Chunk Handling Uninitialised Pointer Free Arbitrary Code Execution
53315 libpng png_read_png Function Uninitialised Pointer Free Arbitrary Code Execution
53314 libpng pngwutil.c png_check_keyword Function PNG File Handling Arbitrary Memo...
48298 libpng pngread.c png_push_read_zTXt() Function Off-By-One
38274 libpng Chunk Handlers PNG Handling Multiple Method DoS
38273 libpng pngrtran.c Crafted PNG Multiple Method DoS
38272 libpng pngset.c png_set_iCCP Function PNG Handling Off-by-one DoS

ExploitDB Exploits

id Description
14422 libpng <= 1.4.2 Denial of Service Vulnerability

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-09-18 Name : Debian Security Advisory DSA 2439-1 (libpng - buffer overflow)
File : nvt/deb_2439_1.nasl
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:0466-1 (update)
File : nvt/gb_suse_2012_0466_1.nasl
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-25 (vmware-server vmware-player vmware-w...
File : nvt/glsa_201209_25.nasl
2012-09-10 Name : Slackware Advisory SSA:2012-206-01 libpng
File : nvt/esoft_slk_ssa_2012_206_01.nasl
2012-08-30 Name : Fedora Update for libpng10 FEDORA-2012-3507
File : nvt/gb_fedora_2012_3507_libpng10_fc17.nasl
2012-08-30 Name : Fedora Update for libpng FEDORA-2012-3605
File : nvt/gb_fedora_2012_3605_libpng_fc17.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-15 (libpng)
File : nvt/glsa_201206_15.nasl
2012-08-03 Name : Mandriva Update for libpng MDVSA-2012:033 (libpng)
File : nvt/gb_mandriva_MDVSA_2012_033.nasl
2012-07-30 Name : CentOS Update for libpng10 CESA-2011:1103 centos4 x86_64
File : nvt/gb_CESA-2011_1103_libpng10_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for libpng CESA-2011:1104 centos5 x86_64
File : nvt/gb_CESA-2011_1104_libpng_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for libpng CESA-2012:0407 centos5
File : nvt/gb_CESA-2012_0407_libpng_centos5.nasl
2012-07-30 Name : CentOS Update for libpng CESA-2012:0407 centos6
File : nvt/gb_CESA-2012_0407_libpng_centos6.nasl
2012-07-09 Name : RedHat Update for libpng RHSA-2011:1105-01
File : nvt/gb_RHSA-2011_1105-01_libpng.nasl
2012-05-18 Name : Mac OS X Multiple Vulnerabilities (2012-002)
File : nvt/gb_macosx_su12-002.nasl
2012-04-30 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium10.nasl
2012-04-26 Name : Fedora Update for libpng FEDORA-2012-5515
File : nvt/gb_fedora_2012_5515_libpng_fc15.nasl
2012-04-26 Name : Fedora Update for libpng FEDORA-2012-5518
File : nvt/gb_fedora_2012_5518_libpng_fc16.nasl
2012-04-16 Name : VMSA-2010-0007: VMware hosted products, vCenter Server and ESX patches resolv...
File : nvt/gb_VMSA-2010-0007.nasl
2012-04-11 Name : Fedora Update for libpng10 FEDORA-2012-5079
File : nvt/gb_fedora_2012_5079_libpng10_fc15.nasl
2012-04-11 Name : Fedora Update for libpng10 FEDORA-2012-5080
File : nvt/gb_fedora_2012_5080_libpng10_fc16.nasl
2012-04-02 Name : Fedora Update for libpng10 FEDORA-2012-3536
File : nvt/gb_fedora_2012_3536_libpng10_fc15.nasl
2012-04-02 Name : Fedora Update for libpng10 FEDORA-2012-3545
File : nvt/gb_fedora_2012_3545_libpng10_fc16.nasl
2012-04-02 Name : Fedora Update for libpng FEDORA-2012-3705
File : nvt/gb_fedora_2012_3705_libpng_fc15.nasl
2012-03-26 Name : Fedora Update for libpng FEDORA-2012-3739
File : nvt/gb_fedora_2012_3739_libpng_fc16.nasl
2012-03-26 Name : Ubuntu Update for libpng USN-1402-1
File : nvt/gb_ubuntu_USN_1402_1.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2010-A-0066 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0023997

Snort® IPS/IDS

Date Description
2019-12-24 Mutiple products libpng extra row heap overflow attempt
RuleID : 52307 - Type : FILE-IMAGE - Revision : 1
2019-12-24 Mutiple products libpng extra row heap overflow attempt
RuleID : 52306 - Type : FILE-IMAGE - Revision : 1
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 25066 - Type : FILE-IMAGE - Revision : 4
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 25065 - Type : FILE-IMAGE - Revision : 5
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22109 - Type : FILE-IMAGE - Revision : 10
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22108 - Type : FILE-IMAGE - Revision : 10
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22107 - Type : FILE-IMAGE - Revision : 10
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22106 - Type : FILE-IMAGE - Revision : 11
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22105 - Type : FILE-IMAGE - Revision : 12
2014-01-10 libpng chunk decompression integer overflow attempt
RuleID : 22104 - Type : FILE-IMAGE - Revision : 11
2014-01-10 libpng png_inflate buffer overflow attempt
RuleID : 21990 - Type : FILE-IMAGE - Revision : 4
2014-01-10 libpng png_inflate buffer overflow attempt
RuleID : 21989 - Type : FILE-IMAGE - Revision : 4
2014-01-10 libpng png_inflate buffer overflow attempt
RuleID : 21988 - Type : FILE-IMAGE - Revision : 4
2014-01-10 libpng png_inflate buffer overflow attempt
RuleID : 21987 - Type : FILE-IMAGE - Revision : 4
2014-01-10 libpng png_inflate buffer overflow attempt
RuleID : 21986 - Type : FILE-IMAGE - Revision : 4
2014-01-10 libpng png_inflate buffer overflow attempt
RuleID : 21985 - Type : FILE-IMAGE - Revision : 4
2014-01-10 libpng malformed chunk denial of service attempt
RuleID : 14772 - Type : FILE-IMAGE - Revision : 7

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-1d305fa070.nasl - Type: ACT_GATHER_INFO
2017-04-18 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-477.nasl - Type: ACT_GATHER_INFO
2017-04-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-84bc8ac268.nasl - Type: ACT_GATHER_INFO
2017-04-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-bad9942e42.nasl - Type: ACT_GATHER_INFO
2017-04-13 Name: The remote Fedora host is missing a security update.
File: fedora_2017-66fd940572.nasl - Type: ACT_GATHER_INFO
2017-04-13 Name: The remote Fedora host is missing a security update.
File: fedora_2017-cf1944f480.nasl - Type: ACT_GATHER_INFO
2017-04-07 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0950-1.nasl - Type: ACT_GATHER_INFO
2017-04-06 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-441.nasl - Type: ACT_GATHER_INFO
2017-04-06 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-443.nasl - Type: ACT_GATHER_INFO
2017-04-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0901-1.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0853-1.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0860-1.nasl - Type: ACT_GATHER_INFO
2017-01-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201701-74.nasl - Type: ACT_GATHER_INFO
2017-01-10 Name: The remote Fedora host is missing a security update.
File: fedora_2016-1a7e14d084.nasl - Type: ACT_GATHER_INFO
2017-01-10 Name: The remote Fedora host is missing a security update.
File: fedora_2016-a4b06a036b.nasl - Type: ACT_GATHER_INFO
2017-01-03 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2016-365-01.nasl - Type: ACT_GATHER_INFO
2016-11-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201611-08.nasl - Type: ACT_GATHER_INFO
2016-07-19 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-1430.nasl - Type: ACT_GATHER_INFO
2016-06-23 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-754.nasl - Type: ACT_GATHER_INFO
2016-06-02 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL76930736.nasl - Type: ACT_GATHER_INFO
2016-05-26 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL81903701.nasl - Type: ACT_GATHER_INFO
2016-03-23 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-664.nasl - Type: ACT_GATHER_INFO
2016-03-22 Name: The remote Mac OS X host is affected by multiple vulnerabilities.
File: macosx_10_11_4.nasl - Type: ACT_GATHER_INFO
2016-03-22 Name: The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File: macosx_SecUpd2016-002.nasl - Type: ACT_GATHER_INFO
2016-03-17 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0776-1.nasl - Type: ACT_GATHER_INFO