Search for packages
| purl | pkg:nuget/libpng@1.6.18.1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2vwq-s4y4-aaae
Aliases: CVE-2015-8126 |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. |
Affected by 3 other vulnerabilities. |
|
VCID-4wrn-uqht-aaan
Aliases: CVE-2017-12652 |
Improper Input Validation libpng does not properly check the length of chunks against the user limit. | There are no reported fixed by versions. |
|
VCID-7ep2-beej-aaaf
Aliases: CVE-2016-10087 |
NULL Pointer Dereference The png_set_text_2 function in libpng allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-n3zc-yzy3-aaaq
Aliases: CVE-2016-3751 |
Privilege Escalation Unspecified vulnerability in libpng, as used in Android , allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug |
Affected by 3 other vulnerabilities. |
|
VCID-pkbe-c1vr-aaaf
Aliases: CVE-2018-14550 GHSA-qwwr-qc2p-6283 |
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4nkw-ugs7-aaae | Heap-based Buffer Overflow Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. |
CVE-2013-7353
|
| VCID-51sn-78qt-aaab | Improper Restriction of Operations within the Bounds of a Memory Buffer The png_handle_sCAL function in pngrutil.c in libpng does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory. |
CVE-2011-2692
|
| VCID-52ek-nmkc-aaaf | Out-of-bounds Read Integer underflow in the png_check_keyword function in pngwutil.c in libpng allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. |
CVE-2015-8540
|
| VCID-53c3-zc8k-aaam | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Buffer overflow in libpng , when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image. |
CVE-2011-2690
|
| VCID-6xqm-tgr1-aaaj | Uncontrolled Resource Consumption Multiple integer overflows in libpng rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. |
CVE-2013-7354
|
| VCID-731z-2fss-aaaq | Uncontrolled Resource Consumption The png_do_expand_palette function in libpng allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. |
CVE-2013-6954
|
| VCID-7t81-ercm-aaam | Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. |
CVE-2015-0973
|
| VCID-apat-tmy7-aaac | Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the png_combine_row function in libpng, when running on systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image. |
CVE-2014-9495
|
| VCID-canc-ytmr-aaae | Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in the png_set_PLTE function in libpng allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. |
CVE-2015-8472
|
| VCID-ef5v-w8g5-aaak | Improper Restriction of Operations within the Bounds of a Memory Buffer The png_push_read_zTXt function in pngpread.c in libpng allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image. |
CVE-2012-3425
|
| VCID-f2se-ewwh-aaaa | A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. |
CVE-2021-4214
|
| VCID-p2mj-2bgk-aaar | Uncontrolled Resource Consumption The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero. |
CVE-2014-0333
|
| VCID-r8pr-8tth-aaaj | Improper Restriction of Operations within the Bounds of a Memory Buffer pngrtran.c in libpng allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information. |
CVE-2011-0408
|
| VCID-t99a-x9bm-aaam | NULL Pointer Dereference The png_err function in pngerror.c in libpng makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image. |
CVE-2011-2691
|
| VCID-vq4h-f8a5-aaap | Improper Restriction of Operations within the Bounds of a Memory Buffer The png_set_text_2 function in pngset.c in libpng allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. |
CVE-2011-3048
|