Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libpng vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-18511
Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1.
Mozilla Firefox 65.0
4.3
CVSSv2
CVE-2019-6129
png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.
Libpng Libpng 1.6.36
4.3
CVSSv2
CVE-2019-3572
An issue exists in libming 0.4.8. There is a heap-based buffer over-read in the function writePNG in the file util/dbl2png.c of the dbl2png command-line program. Because this is associated with an erroneous call to png_write_row in libpng, an out-of-bounds write might occur for s...
Libming Libming 0.4.8
4.3
CVSSv2
CVE-2018-14876
An issue exists in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng error concerning the IHDR image width.
Flif Flif 0.3
4.3
CVSSv2
CVE-2018-14048
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
Libpng Libpng 1.6.34
Oracle Jdk 11.0.0
Oracle Jre 11.0.0
Oracle Jdk 1.8.0
Oracle Jdk 1.7.0
Oracle Jdk 1.6.0
Oracle Jre 1.6.0
Oracle Jre 1.7.0
Oracle Jre 1.8.0
4.3
CVSSv2
CVE-2018-13785
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
Libpng Libpng 1.6.34
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
Oracle Jdk 11.0.0
Oracle Jre 11.0.0
Oracle Jdk 1.8.0
Oracle Jdk 1.7.0
Oracle Jdk 1.6.0
Oracle Jre 1.6.0
Oracle Jre 1.7.0
Oracle Jre 1.8.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
4.3
CVSSv2
CVE-2012-3425
The png_push_read_zTXt function in pngpread.c in libpng 1.0.x prior to 1.0.58, 1.2.x prior to 1.2.48, 1.4.x prior to 1.4.10, and 1.5.x prior to 1.5.10 allows remote malicious users to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Libpng Libpng 1.4.9
Libpng Libpng 1.4.4
Libpng Libpng 1.4.7
Libpng Libpng 1.4.1
Libpng Libpng 1.4.2
Libpng Libpng 1.4.0
Libpng Libpng 1.4.6
Libpng Libpng 1.4.5
Libpng Libpng 1.4.3
Libpng Libpng 1.4.8
Opensuse Opensuse 11.4
Opensuse Opensuse 12.1
Libpng Libpng 1.2.14
Libpng Libpng 1.2.45
Libpng Libpng 1.2.46
Libpng Libpng 1.2.33
Libpng Libpng 1.2.16
Libpng Libpng 1.2.35
4.3
CVSSv2
CVE-2011-2691
The png_err function in pngerror.c in libpng 1.0.x prior to 1.0.55, 1.2.x prior to 1.2.45, 1.4.x prior to 1.4.8, and 1.5.x prior to 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote malicious users to cause a denial...
Libpng Libpng
Fedoraproject Fedora 14
Debian Debian Linux 5.0
Debian Debian Linux 6.0
4.3
CVSSv2
CVE-2011-2501
The png_format_buffer function in pngerror.c in libpng 1.0.x prior to 1.0.55, 1.2.x prior to 1.2.45, 1.4.x prior to 1.4.8, and 1.5.x prior to 1.5.4 allows remote malicious users to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bound...
Libpng Libpng
Fedoraproject Fedora 14
Debian Debian Linux 5.0
Debian Debian Linux 6.0
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 8.04
4.3
CVSSv2
CVE-2010-2249
Memory leak in pngrutil.c in libpng prior to 1.2.44, and 1.4.x prior to 1.4.3, allows remote malicious users to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
Libpng Libpng
Apple Itunes
Apple Safari
Apple Iphone Os
Apple Tvos
Fedoraproject Fedora 13
Fedoraproject Fedora 12
Suse Linux Enterprise Server 10
Opensuse Opensuse 11.1
Suse Linux Enterprise Server 11
Suse Linux Enterprise Server 9
Opensuse Opensuse 11.2
Vmware Player
Vmware Workstation
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 9.10
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Debian Debian Linux 5.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »