VulnerableCode Package Details - pkg:nuget/libpng@1.6.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:nuget/libpng@1.6.0

Essentials
History (7)

purl	pkg:nuget/libpng@1.6.0
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (7)

Vulnerability	Summary	Fixed by
VCID-3ggs-vja8-r3de Aliases: CVE-2015-0973	Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.	1.6.18.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-cu24-1rcd-93g3 Aliases: CVE-2015-8126	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.	1.6.19.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-had5-3tnv-k3hm Aliases: CVE-2013-6954	Uncontrolled Resource Consumption The png_do_expand_palette function in libpng allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.	1.6.18.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-mxh6-rpb3-tbbq Aliases: CVE-2014-9495	Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the png_combine_row function in libpng, when running on systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.	1.6.18.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-nhbw-6tpy-pbh3 Aliases: CVE-2014-0333	Uncontrolled Resource Consumption The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.	1.6.18.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vhp1-5zpy-rfdt Aliases: CVE-2021-4214	libpng: hardcoded value leads to heap-overflow	1.6.18.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zetn-zwnv-u7gf Aliases: CVE-2016-10087	NULL Pointer Dereference The png_set_text_2 function in libpng allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.	1.6.26.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.6.28.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T21:27:30.651508+00:00	GitLab Importer	Affected by	VCID-vhp1-5zpy-rfdt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libpng/CVE-2021-4214.yml	38.1.0
2026-04-01T12:47:10.636817+00:00	GitLab Importer	Affected by	VCID-zetn-zwnv-u7gf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libpng/CVE-2016-10087.yml	38.0.0
2026-04-01T12:46:59.162556+00:00	GitLab Importer	Affected by	VCID-cu24-1rcd-93g3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libpng/CVE-2015-8126.yml	38.0.0
2026-04-01T12:46:55.777831+00:00	GitLab Importer	Affected by	VCID-3ggs-vja8-r3de	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libpng/CVE-2015-0973.yml	38.0.0
2026-04-01T12:46:55.664086+00:00	GitLab Importer	Affected by	VCID-mxh6-rpb3-tbbq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libpng/CVE-2014-9495.yml	38.0.0
2026-04-01T12:46:51.957882+00:00	GitLab Importer	Affected by	VCID-nhbw-6tpy-pbh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libpng/CVE-2014-0333.yml	38.0.0
2026-04-01T12:46:51.370254+00:00	GitLab Importer	Affected by	VCID-had5-3tnv-k3hm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libpng/CVE-2013-6954.yml	38.0.0