Vulnerabilities > Libpng > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-08-24 CVE-2021-4214 A heap overflow flaw was found in libpngs' pngimage.c program.
local
low complexity
libpng debian netapp
5.5
2019-02-04 CVE-2019-7317 Use After Free vulnerability in multiple products
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
5.3
2019-01-11 CVE-2019-6129 Memory Leak vulnerability in Libpng 1.6.36
png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp.
network
low complexity
libpng CWE-401
6.5
2018-07-13 CVE-2018-14048 An issue has been found in libpng 1.6.34.
network
low complexity
libpng oracle
6.5
2018-07-09 CVE-2018-13785 Integer Overflow or Wraparound vulnerability in multiple products
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
network
low complexity
libpng canonical oracle redhat CWE-190
6.5
2011-07-17 CVE-2011-2691 NULL Pointer Dereference vulnerability in multiple products
The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.
network
low complexity
libpng fedoraproject debian CWE-476
6.5
2011-07-17 CVE-2011-2501 Out-of-bounds Read vulnerability in multiple products
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data.
network
low complexity
libpng fedoraproject debian canonical CWE-125
6.5
2010-06-30 CVE-2010-2249 Memory Leak vulnerability in multiple products
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
6.5