Package details: pkg:ebuild/media-libs/libpng@1.4.3
purl pkg:ebuild/media-libs/libpng@1.4.3
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (3)
| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-d5tt-4fbc-m7ar | Uncontrolled Resource Consumption. The png_decompress_chunk function in pngrutil.c in libpng does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. | CVE-2010-0205 |
| VCID-dtf8-3v7n-yydn | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'). Buffer overflow in pngpread.c in libpng, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | CVE-2010-1205 |
| VCID-s9ps-uutg-r7cf | Missing Release of Memory after Effective Lifetime. Memory leak in pngrutil.c in libpng allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. | CVE-2010-2249 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-04-01T13:00:46.386792+00:00 | Gentoo Importer | Fixing | VCID-s9ps-uutg-r7cf | https://security.gentoo.org/glsa/201010-01 | 38.0.0 |
| 2026-04-01T13:00:46.373205+00:00 | Gentoo Importer | Fixing | VCID-dtf8-3v7n-yydn | https://security.gentoo.org/glsa/201010-01 | 38.0.0 |
| 2026-04-01T13:00:46.360773+00:00 | Gentoo Importer | Fixing | VCID-d5tt-4fbc-m7ar | https://security.gentoo.org/glsa/201010-01 | 38.0.0 |