Vulnerabilities affecting this package (0)
| Vulnerability |
Summary |
Fixed by |
|
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (9)
| Vulnerability |
Summary |
Aliases |
|
VCID-9dg2-qygx-vbah
|
NULL Pointer Dereference
The png_err function in pngerror.c in libpng makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.
|
CVE-2011-2691
|
|
VCID-axvf-w4r8-xkhv
|
Improper Restriction of Operations within the Bounds of a Memory Buffer
The png_set_text_2 function in pngset.c in libpng allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
|
CVE-2011-3048
|
|
VCID-kf5b-ush9-mkd1
|
Out-of-bounds Read
The png_format_buffer function in pngerror.c in libpng allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.
|
CVE-2011-2501
|
|
VCID-kqq3-drz4-4bef
|
Multiple vulnerabilities in libpng might allow remote attackers to
execute arbitrary code or cause a Denial of Service condition.
|
CVE-2011-3026
|
|
VCID-p9pa-b6en-j3f6
|
Stack-based buffer overflow
Off-by-one error in the png_formatted_warning function in pngerror.c in libpng might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow.
|
CVE-2011-3464
|
|
VCID-qpn2-bwsx-1kcg
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Buffer overflow in libpng , when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.
|
CVE-2011-2690
|
|
VCID-uddn-ka9m-wycz
|
Improper Restriction of Operations within the Bounds of a Memory Buffer
The png_handle_sCAL function in pngrutil.c in libpng does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
|
CVE-2011-2692
|
|
VCID-wv1g-n5xx-7ycn
|
Integer Overflow or Wraparound
Integer signedness error in the png_inflate function in pngrutil.c in libpng beta01, as used in Google Chrome and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
|
CVE-2011-3045
|
|
VCID-zjm2-7z5h-fffa
|
Multiple vulnerabilities in libpng might allow remote attackers to
execute arbitrary code or cause a Denial of Service condition.
|
CVE-2009-5063
|