Vulnerabilities > Libpng > Libpng > 1.0.0a

DATE CVE VULNERABILITY TITLE RISK
2019-07-10 CVE-2017-12652 Improper Input Validation vulnerability in multiple products
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
network
low complexity
libpng netapp CWE-20
critical
9.8
2017-01-30 CVE-2016-10087 NULL Pointer Dereference vulnerability in Libpng
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
network
low complexity
libpng CWE-476
7.5
2016-07-11 CVE-2016-3751 Remote Privilege Escalation vulnerability in Libpng
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
network
low complexity
libpng google
7.5
2015-11-13 CVE-2015-8126 Classic Buffer Overflow vulnerability in multiple products
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
7.5
2015-01-18 CVE-2015-0973 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
network
low complexity
oracle libpng apple CWE-119
7.5
2014-05-06 CVE-2013-7354 Numeric Errors vulnerability in Libpng
Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.
network
low complexity
libpng CWE-189
5.0
2014-05-06 CVE-2013-7353 Numeric Errors vulnerability in Libpng
Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.
network
low complexity
libpng CWE-189
5.0
2011-07-17 CVE-2011-2692 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
network
low complexity
libpng fedoraproject debian canonical CWE-119
8.8
2011-07-17 CVE-2011-2691 NULL Pointer Dereference vulnerability in multiple products
The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.
network
low complexity
libpng fedoraproject debian CWE-476
6.5
2011-07-17 CVE-2011-2690 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.
6.8