Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libpng vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-9817
Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox Esr
5
CVSSv2
CVE-2019-9797
Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66.
Mozilla Firefox
5
CVSSv2
CVE-2016-10087
The png_set_text_2 function in libpng 0.71 prior to 1.0.67, 1.2.x prior to 1.2.57, 1.4.x prior to 1.4.20, 1.5.x prior to 1.5.28, and 1.6.x prior to 1.6.27 allows context-dependent malicious users to cause a NULL pointer dereference vectors involving loading a text chunk into a pn...
Libpng Libpng 1.0.5g
Libpng Libpng 1.0.37
Libpng Libpng 0.99e
Libpng Libpng 0.98
Libpng Libpng 1.0.4d
Libpng Libpng 1.0.41
Libpng Libpng 1.0.0b
Libpng Libpng 1.0.1b
Libpng Libpng 1.0.46
Libpng Libpng 0.99d
Libpng Libpng 1.0.4c
Libpng Libpng 1.0.65
Libpng Libpng 1.0.5t
Libpng Libpng 1.0.1
Libpng Libpng 1.0.4e
Libpng Libpng 1.0.1c
Libpng Libpng 1.0.8
Libpng Libpng 0.81
Libpng Libpng 1.0.5n
Libpng Libpng 0.88
Libpng Libpng 1.0.6f
Libpng Libpng 1.0.5k
1 Article
5
CVSSv2
CVE-2013-7353
Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng prior to 1.5.14beta08 allows context-dependent malicious users to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.
Libpng Libpng 1.5.0
Libpng Libpng 1.5.1
Libpng Libpng 1.5.5
Libpng Libpng 1.5.9
Libpng Libpng
Libpng Libpng 1.5.12
Libpng Libpng 1.5.2
Libpng Libpng 1.5.7
Libpng Libpng 1.5.11
Libpng Libpng 1.5.10
Libpng Libpng 1.5.6
Libpng Libpng 1.5.13
Libpng Libpng 1.5.3
Libpng Libpng 1.5.4
Libpng Libpng 1.5.8
5
CVSSv2
CVE-2013-7354
Multiple integer overflows in libpng prior to 1.5.14rc03 allow remote malicious users to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.
Libpng Libpng 1.5.0
Libpng Libpng 1.5.1
Libpng Libpng 1.5.5
Libpng Libpng 1.5.9
Libpng Libpng
Libpng Libpng 1.5.12
Libpng Libpng 1.5.2
Libpng Libpng 1.5.3
Libpng Libpng 1.5.7
Libpng Libpng 1.5.11
Libpng Libpng 1.5.10
Libpng Libpng 1.5.6
Libpng Libpng 1.5.13
Libpng Libpng 1.5.4
Libpng Libpng 1.5.8
5
CVSSv2
CVE-2014-0333
The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x up to and including 1.6.9 allows remote malicious users to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.
Libpng Libpng 1.6.3
Libpng Libpng 1.6.4
Libpng Libpng 1.6.8
Libpng Libpng 1.6.9
Libpng Libpng 1.6.1
Libpng Libpng 1.6.6
Libpng Libpng 1.6.7
Libpng Libpng 1.6.2
Libpng Libpng 1.6.0
Libpng Libpng 1.6.5
5
CVSSv2
CVE-2009-5063
Memory leak in the embedded_profile_len function in pngwutil.c in libpng prior to 1.2.39beta5 allows context-dependent malicious users to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile lengt...
Libpng Libpng 1.2.39
Libpng Libpng
5
CVSSv2
CVE-2006-7244
Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions prior to 1.2.15beta3, allows context-dependent malicious users to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length.
Libpng Libpng 1.0.37
Libpng Libpng 1.2.14
Libpng Libpng 1.2.11
Libpng Libpng 1.0.6
Libpng Libpng 1.0.23
Libpng Libpng 1.0.41
Libpng Libpng 1.0.9
Libpng Libpng 1.0.15
Libpng Libpng 1.2.0
Libpng Libpng 1.0.10
Libpng Libpng 1.2.10
Libpng Libpng 1.0.7
Libpng Libpng 1.0.46
Libpng Libpng 1.0.17
Libpng Libpng 1.0.29
Libpng Libpng 1.2.1
Libpng Libpng 1.0.27
Libpng Libpng 1.0.1
Libpng Libpng 1.0.8
Libpng Libpng 1.0.12
Libpng Libpng 1.0.31
Libpng Libpng 1.0.14
5
CVSSv2
CVE-2010-2754
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x prior to 3.5.11 and 3.6.x prior to 3.6.7, Thunderbird 3.0.x prior to 3.0.6 and 3.1.x prior to 3.1.1, and SeaMonkey prior to 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and...
Mozilla Firefox 3.5.4
Mozilla Firefox 3.5.5
Mozilla Firefox 3.6.3
Mozilla Firefox 3.6.4
Mozilla Firefox 3.5.1
Mozilla Firefox 3.5.9
Mozilla Firefox 3.5.10
Mozilla Firefox 3.5.6
Mozilla Firefox 3.5.7
Mozilla Firefox 3.6.6
Mozilla Firefox 3.5.2
Mozilla Firefox 3.5.3
Mozilla Firefox 3.6.1
Mozilla Firefox 3.6.2
Mozilla Thunderbird 3.0.5
Mozilla Thunderbird 3.1
Mozilla Thunderbird 3.0.1
Mozilla Thunderbird 3.0.2
Mozilla Thunderbird 3.0
Mozilla Thunderbird 3.0.3
Mozilla Thunderbird 3.0.4
Mozilla Seamonkey 1.0.5
5
CVSSv2
CVE-2008-5907
The png_check_keyword function in pngwutil.c in libpng prior to 1.0.42, and 1.2.x prior to 1.2.34, might allow context-dependent malicious users to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to ...
Libpng Libpng
Debian Debian Linux 4.0
Debian Debian Linux 5.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »