VulnerableCode Package Details - pkg:ebuild/media-libs/libpng@1.4.3

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-gwcb-88br-aaae	Missing Release of Memory after Effective Lifetime Memory leak in pngrutil.c in libpng , allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.	CVE-2010-2249
VCID-mfxw-xnvp-aaac	Uncontrolled Resource Consumption The png_decompress_chunk function in pngrutil.c in libpng does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.	CVE-2010-0205
VCID-wnh2-s874-aaaj	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Buffer overflow in pngpread.c in libpng, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.	CVE-2010-1205

Vulnerability

Summary

Aliases

VCID-gwcb-88br-aaae

Missing Release of Memory after Effective Lifetime Memory leak in pngrutil.c in libpng , allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

CVE-2010-2249

VCID-mfxw-xnvp-aaac

Uncontrolled Resource Consumption The png_decompress_chunk function in pngrutil.c in libpng does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.

CVE-2010-0205

VCID-wnh2-s874-aaaj

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Buffer overflow in pngpread.c in libpng, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

CVE-2010-1205

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T12:45:50.255369+00:00	Gentoo Importer	Fixing	VCID-gwcb-88br-aaae	https://security.gentoo.org/glsa/201010-01	36.0.0
2025-03-28T12:45:50.232873+00:00	Gentoo Importer	Fixing	VCID-wnh2-s874-aaaj	https://security.gentoo.org/glsa/201010-01	36.0.0
2025-03-28T12:45:50.211287+00:00	Gentoo Importer	Fixing	VCID-mfxw-xnvp-aaac	https://security.gentoo.org/glsa/201010-01	36.0.0
2024-09-18T07:40:30.276346+00:00	Gentoo Importer	Fixing	VCID-gwcb-88br-aaae	https://security.gentoo.org/glsa/201010-01	34.0.1
2024-09-18T07:40:30.249931+00:00	Gentoo Importer	Fixing	VCID-wnh2-s874-aaaj	https://security.gentoo.org/glsa/201010-01	34.0.1
2024-09-18T07:40:30.225598+00:00	Gentoo Importer	Fixing	VCID-mfxw-xnvp-aaac	https://security.gentoo.org/glsa/201010-01	34.0.1
2024-01-04T01:46:25.199601+00:00	Gentoo Importer	Fixing	VCID-gwcb-88br-aaae	https://security.gentoo.org/glsa/201010-01	34.0.0rc1
2024-01-04T01:46:25.178412+00:00	Gentoo Importer	Fixing	VCID-wnh2-s874-aaaj	https://security.gentoo.org/glsa/201010-01	34.0.0rc1
2024-01-04T01:46:25.157085+00:00	Gentoo Importer	Fixing	VCID-mfxw-xnvp-aaac	https://security.gentoo.org/glsa/201010-01	34.0.0rc1