Search for packages
| purl | pkg:nuget/libpng@1.6.18.1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5njw-r47p-uubd
Aliases: CVE-2016-3751 |
Privilege Escalation Unspecified vulnerability in libpng, as used in Android , allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug |
Affected by 2 other vulnerabilities. |
|
VCID-c8zs-kx3n-rydr
Aliases: CVE-2017-12652 |
libpng before 1.6.32 does not properly check the length of chunks against the user limit. | There are no reported fixed by versions. |
|
VCID-e4mt-jgqe-6kav
Aliases: CVE-2016-10087 |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
|
VCID-f7vh-t4se-xuf9
Aliases: CVE-2015-8126 |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1vs6-w7dj-hkge | libpng: hardcoded value leads to heap-overflow |
CVE-2021-4214
|
| VCID-3ee7-7dqa-mfe3 |
CVE-2011-3048
|
|
| VCID-3kfq-fqfw-auhp |
CVE-2011-2690
|
|
| VCID-djmw-4qkk-zuha | Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. |
CVE-2013-7353
|
| VCID-etf6-ws2b-fkdm | Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. |
CVE-2015-0973
|
| VCID-ewey-d2ma-6ygc |
CVE-2015-8472
|
|
| VCID-j1rk-1ybu-kqet |
CVE-2015-8540
|
|
| VCID-jvwt-39g6-b3cn | Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the png_combine_row function in libpng, when running on systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image. |
CVE-2014-9495
|
| VCID-p4dn-78nk-zkc5 | The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. |
CVE-2013-6954
|
| VCID-rnxv-8627-jqf8 |
CVE-2011-2692
|
|
| VCID-shsj-rvx6-93bq | NULL Pointer Dereference The png_err function in pngerror.c in libpng makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image. |
CVE-2011-2691
|
| VCID-w86b-qj89-3qek | Uncontrolled Resource Consumption The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero. |
CVE-2014-0333
|
| VCID-y2zd-eatg-e3da | Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. |
CVE-2013-7354
|
| VCID-ym5b-6d7n-effn | Improper Restriction of Operations within the Bounds of a Memory Buffer pngrtran.c in libpng allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information. |
CVE-2011-0408
|
| VCID-zer3-qp44-augp |
CVE-2012-3425
|