Multiple off-by-one errors in libpng prior to 1.2.32beta01, and 1.4 prior to 1.4.0beta34, allow context-dependent malicious users to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libpng libpng |
||
libpng libpng 1.4.0 |