Vulnerabilities > Libpng

DATE CVE VULNERABILITY TITLE RISK
2020-12-08 CVE-2020-27818 Out-Of-Bounds Read vulnerability in multiple products
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0.
4.3
2019-07-10 CVE-2017-12652 Improper Input Validation vulnerability in Libpng
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
network
low complexity
libpng CWE-20
7.5
2019-07-10 CVE-2018-14550 Out-Of-Bounds Write vulnerability in Libpng 1.6.35
An issue has been found in third-party PNM decoding associated with libpng 1.6.35.
network
libpng CWE-787
6.8
2019-02-04 CVE-2019-7317 USE After Free vulnerability in multiple products
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
network
high complexity
libpng debian canonical CWE-416
2.6
2019-01-11 CVE-2019-6129 Memory Leak vulnerability in Libpng 1.6.36
** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp.
network
libpng CWE-401
4.3
2018-07-13 CVE-2018-14048 An issue has been found in libpng 1.6.34.
network
libpng oracle
4.3
2018-07-09 CVE-2018-13785 Divide BY Zero vulnerability in multiple products
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
4.3
2017-01-30 CVE-2016-10087 Null Pointer Dereference vulnerability in Libpng
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
network
low complexity
libpng CWE-476
5.0
2016-07-11 CVE-2016-3751 Remote Privilege Escalation vulnerability in Libpng
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
network
low complexity
libpng google
7.5
2016-04-14 CVE-2015-8540 Numeric Errors vulnerability in multiple products
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
9.3