Vulnerabilities related to libpng - libpng
CVE-2021-4214 (GCVE-0-2021-4214)
Vulnerability from cvelistv5
Published
2022-08-24 00:00
Modified
2024-08-03 17:16
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing the application to crash and leading to a denial of service.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.244Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/glennrp/libpng/issues/302" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043393" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2021-4214" }, { "tags": [ "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-4214" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221020-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libpng", "vendor": "n/a", "versions": [ { "status": "affected", "version": "libpng v1.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A heap overflow flaw was found in libpngs\u0027 pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 - Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-20T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://github.com/glennrp/libpng/issues/302" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043393" }, { "url": "https://access.redhat.com/security/cve/CVE-2021-4214" }, { "url": "https://security-tracker.debian.org/tracker/CVE-2021-4214" }, { "url": "https://security.netapp.com/advisory/ntap-20221020-0001/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-4214", "datePublished": "2022-08-24T00:00:00", "dateReserved": "2022-01-25T00:00:00", "dateUpdated": "2024-08-03T17:16:04.244Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-6218 (GCVE-0-2008-6218)
Vulnerability from cvelistv5
Published
2009-02-20 17:00
Modified
2024-08-07 11:20
CWE
- n/a
Summary
Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:20:25.536Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "libpng-pnghandletext-dos(46115)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46115" }, { "name": "GLSA-200903-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200903-28.xml" }, { "name": "MDVSA-2010:133", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "name": "ADV-2008-2917", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2917" }, { "name": "31920", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31920" }, { "name": "ADV-2010-1837", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "name": "34388", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34388" }, { "name": "32418", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32418" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=635463\u0026group_id=5624" }, { "name": "34265", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34265" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=635837" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0046" }, { "name": "1021104", "tags": [ "vdb-entry", 
"x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1021104" }, { "name": "DSA-1750", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1750" }, { "name": "20090312 rPSA-2009-0046-1 libpng", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/501767/100/0/threaded" }, { "name": "34320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34320" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "libpng-pnghandletext-dos(46115)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46115" }, { "name": "GLSA-200903-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200903-28.xml" }, { "name": "MDVSA-2010:133", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "name": "ADV-2008-2917", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2917" }, { "name": "31920", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31920" }, { "name": "ADV-2010-1837", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "name": "34388", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34388" }, { "name": "32418", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32418" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=635463\u0026group_id=5624" }, { "name": "34265", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34265" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=635837" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0046" }, { "name": "1021104", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1021104" }, { "name": "DSA-1750", "tags": [ "vendor-advisory", 
"x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1750" }, { "name": "20090312 rPSA-2009-0046-1 libpng", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/501767/100/0/threaded" }, { "name": "34320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34320" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6218", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "libpng-pnghandletext-dos(46115)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46115" }, { "name": "GLSA-200903-28", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200903-28.xml" }, { "name": "MDVSA-2010:133", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "name": "ADV-2008-2917", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2917" }, { "name": "31920", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31920" }, { "name": "ADV-2010-1837", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "name": "34388", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34388" }, { "name": "32418", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32418" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=635463\u0026group_id=5624", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=635463\u0026group_id=5624" }, { "name": "34265", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34265" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=635837", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=635837" }, { "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0046", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0046" }, { "name": "1021104", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021104" }, { "name": "DSA-1750", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1750" }, { "name": "20090312 rPSA-2009-0046-1 libpng", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/501767/100/0/threaded" }, { "name": 
"34320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34320" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6218", "datePublished": "2009-02-20T17:00:00", "dateReserved": "2009-02-20T00:00:00", "dateUpdated": "2024-08-07T11:20:25.536Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-10087 (GCVE-0-2016-10087)
Vulnerability from cvelistv5
Published
2017-01-30 22:00
Modified
2024-08-06 03:07
CWE
- n/a
Summary
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:32.166Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201701-74", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-74" }, { "name": "USN-3712-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3712-1/" }, { "name": "[oss-security] 20161230 Re: libpng NULL pointer dereference bugfix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/30/4" }, { "name": "95157", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95157" }, { "name": "USN-3712-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3712-2/" }, { "name": "[oss-security] 20161229 libpng NULL pointer dereference bugfix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/29/2" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": 
"n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-29T14:07:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-201701-74", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-74" }, { "name": "USN-3712-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3712-1/" }, { "name": "[oss-security] 20161230 Re: libpng NULL pointer dereference bugfix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/30/4" }, { "name": "95157", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95157" }, { "name": "USN-3712-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3712-2/" }, { "name": "[oss-security] 20161229 libpng NULL pointer dereference bugfix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/29/2" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10087", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201701-74", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-74" }, { "name": "USN-3712-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3712-1/" }, { "name": "[oss-security] 20161230 Re: libpng NULL pointer dereference bugfix", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/30/4" }, { "name": "95157", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95157" }, { "name": "USN-3712-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3712-2/" }, { "name": "[oss-security] 20161229 libpng NULL pointer dereference bugfix", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/29/2" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10087", "datePublished": "2017-01-30T22:00:00", "dateReserved": "2016-12-30T00:00:00", "dateUpdated": "2024-08-06T03:07:32.166Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2042 (GCVE-0-2009-2042)
Vulnerability from cvelistv5
Published
2009-06-12 20:07
Modified
2024-08-07 05:36
CWE
- n/a
Summary
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:36:20.484Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SSA:2009-170-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.551809" }, { "name": "ADV-2010-0682", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0682" }, { "name": "39206", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39206" }, { "name": "MDVSA-2010:063", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063" }, { "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" }, { "name": "39251", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39251" }, { "name": "libpng-interlaced-image-info-disclosure(50966)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50966" }, { "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" }, { "name": "35346", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35346" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", 
"x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "USN-913-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-913-1" }, { "name": "DSA-2032", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2032" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "35524", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35524" }, { "name": "35233", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35233" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "ADV-2010-0637", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0637" }, { "name": "ADV-2009-1510", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1510" }, { "name": "35594", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35594" }, { "name": "39215", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39215" }, { "name": "35470", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35470" }, { "name": "GLSA-200906-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200906-01.xml" }, { "name": "FEDORA-2009-5977", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], 
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00218.html" }, { "name": "FEDORA-2009-6400", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00630.html" }, { "name": "ADV-2010-0847", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0847" }, { "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-06-04T00:00:00", "descriptions": [ { "lang": "en", "value": "libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via \"out-of-bounds pixels\" in the file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SSA:2009-170-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.551809" }, { "name": "ADV-2010-0682", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0682" }, { "name": "39206", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39206" }, { "name": "MDVSA-2010:063", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063" }, { "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" }, { "name": "39251", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39251" }, { "name": "libpng-interlaced-image-info-disclosure(50966)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50966" }, { "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" }, { "name": "35346", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35346" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": 
"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "USN-913-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-913-1" }, { "name": "DSA-2032", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2032" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "35524", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35524" }, { "name": "35233", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35233" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "ADV-2010-0637", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0637" }, { "name": "ADV-2009-1510", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1510" }, { "name": "35594", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35594" }, { "name": "39215", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39215" }, { "name": "35470", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35470" }, { "name": "GLSA-200906-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200906-01.xml" }, { "name": "FEDORA-2009-5977", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00218.html" }, { "name": "FEDORA-2009-6400", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00630.html" }, 
{ "name": "ADV-2010-0847", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0847" }, { "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2042", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via \"out-of-bounds pixels\" in the file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SSA:2009-170-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.551809" }, { "name": "ADV-2010-0682", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0682" }, { "name": "39206", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39206" }, { "name": "MDVSA-2010:063", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063" }, { "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" }, { "name": "39251", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39251" }, { "name": "libpng-interlaced-image-info-disclosure(50966)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50966" }, { "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" }, { "name": "35346", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35346" }, { "name": "APPLE-SA-2010-03-29-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "USN-913-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-913-1" }, { "name": "DSA-2032", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2032" }, { "name": "http://www.libpng.org/pub/png/libpng.html", "refsource": "CONFIRM", "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "35524", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/35524" }, { "name": "35233", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35233" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" }, { "name": "http://support.apple.com/kb/HT4077", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4077" }, { "name": "ADV-2010-0637", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0637" }, { "name": "ADV-2009-1510", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1510" }, { "name": "35594", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35594" }, { "name": "39215", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39215" }, { "name": "35470", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35470" }, { "name": "GLSA-200906-01", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200906-01.xml" }, { "name": "FEDORA-2009-5977", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00218.html" }, { "name": "FEDORA-2009-6400", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00630.html" }, { "name": "ADV-2010-0847", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0847" }, { "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2042", "datePublished": "2009-06-12T20:07:00", "dateReserved": "2009-06-12T00:00:00", "dateUpdated": "2024-08-07T05:36:20.484Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" 
}
CVE-2011-2690 (GCVE-0-2011-2690)
Vulnerability from cvelistv5
Published
2011-07-17 20:00
Modified
2024-08-06 23:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
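- n/a (no CWE is assigned in this record, and its structured `affected` fields are also "n/a"; the weakness class, a buffer overflow, and the fixed-version boundaries appear only in the summary text)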
Summary
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:08:23.764Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49660" }, { "name": "48660", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48660" }, { "name": "45046", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45046" }, { "name": "USN-1175-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1175-1" }, { "name": "MDVSA-2011:151", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" }, { "name": "GLSA-201206-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "name": "45461", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45461" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "FEDORA-2011-9336", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" }, { "name": "DSA-2287", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2287" }, { "name": "APPLE-SA-2011-10-12-3", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720607" }, { "name": "45405", 
"tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45405" }, { "name": "RHSA-2011:1105", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1105.html" }, { "name": "45460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45460" }, { "name": "[oss-security] 20110713 Security issues fixed in libpng 1.5.4", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/13/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5002" }, { "name": "libpng-pngrgbtogray-bo(68538)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68538" }, { "name": "45492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45492" }, { "name": "RHSA-2011:1104", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1104.html" }, { "name": "45415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45415" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-07-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "49660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49660" }, { "name": "48660", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48660" }, { "name": "45046", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45046" }, { "name": "USN-1175-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1175-1" }, { "name": "MDVSA-2011:151", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" }, { "name": "GLSA-201206-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "name": "45461", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45461" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "FEDORA-2011-9336", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" }, { "name": "DSA-2287", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2287" }, { "name": "APPLE-SA-2011-10-12-3", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720607" }, { "name": "45405", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45405" }, { "name": 
"RHSA-2011:1105", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1105.html" }, { "name": "45460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45460" }, { "name": "[oss-security] 20110713 Security issues fixed in libpng 1.5.4", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/13/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5002" }, { "name": "libpng-pngrgbtogray-bo(68538)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68538" }, { "name": "45492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45492" }, { "name": "RHSA-2011:1104", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1104.html" }, { "name": "45415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45415" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2690", "datePublished": "2011-07-17T20:00:00", "dateReserved": "2011-07-11T00:00:00", "dateUpdated": "2024-08-06T23:08:23.764Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-3964 (GCVE-0-2008-3964)
Vulnerability from cvelistv5
Published
2008-09-10 15:00
Modified
2024-08-07 10:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
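- n/a (no CWE is assigned in this record, and its structured `affected` fields are also "n/a"; the weakness class, off-by-one errors, and the fixed-version boundaries appear only in the summary text)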
Summary
Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:00:41.994Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=5624\u0026release_id=624517" }, { "name": "[oss-security] 20080909 CVE request (libpng)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/09/09/3" }, { "name": "35386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35386" }, { "name": "1020521", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "name": "libpng-pngpushreadztxt-dos(44928)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44928" }, { "name": "ADV-2009-1560", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "ADV-2009-1462", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "name": "31049", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31049" }, { "name": "259989", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35302" }, { "name": "[oss-security] 20080909 Re: CVE request (libpng)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/09/09/8" }, { "name": "VU#889484", "tags": [ 
"third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/889484" }, { "name": "ADV-2008-2512", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2512" }, { "name": "GLSA-200812-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200812-15.xml" }, { "name": "31781", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31781" }, { "name": "33137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33137" }, { "name": "[png-mng-implement] 20080918 libpng-1.0.40 and libpng-1.2.32 available", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com\u0026forum_name=png-mng-implement" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=624518" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "MDVSA-2009:051", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:051" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=2095669\u0026group_id=5624\u0026atid=105624" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers 
to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=5624\u0026release_id=624517" }, { "name": "[oss-security] 20080909 CVE request (libpng)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/09/09/3" }, { "name": "35386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35386" }, { "name": "1020521", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "name": "libpng-pngpushreadztxt-dos(44928)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44928" }, { "name": "ADV-2009-1560", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "ADV-2009-1462", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "name": "31049", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31049" }, { "name": "259989", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35302" }, { "name": "[oss-security] 20080909 Re: CVE request (libpng)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"http://www.openwall.com/lists/oss-security/2008/09/09/8" }, { "name": "VU#889484", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/889484" }, { "name": "ADV-2008-2512", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2512" }, { "name": "GLSA-200812-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200812-15.xml" }, { "name": "31781", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31781" }, { "name": "33137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33137" }, { "name": "[png-mng-implement] 20080918 libpng-1.0.40 and libpng-1.2.32 available", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com\u0026forum_name=png-mng-implement" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=624518" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "MDVSA-2009:051", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:051" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=2095669\u0026group_id=5624\u0026atid=105624" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3964", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://sourceforge.net/project/shownotes.php?group_id=5624\u0026release_id=624517", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=5624\u0026release_id=624517" }, { "name": "[oss-security] 20080909 CVE request (libpng)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/09/09/3" }, { "name": "35386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35386" }, { "name": "1020521", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "name": "libpng-pngpushreadztxt-dos(44928)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44928" }, { "name": "ADV-2009-1560", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "ADV-2009-1462", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "name": "31049", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31049" }, { "name": "259989", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35302" }, { "name": "[oss-security] 20080909 Re: CVE request (libpng)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/09/09/8" }, { "name": "VU#889484", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/889484" }, { "name": 
"ADV-2008-2512", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2512" }, { "name": "GLSA-200812-15", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200812-15.xml" }, { "name": "31781", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31781" }, { "name": "33137", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33137" }, { "name": "[png-mng-implement] 20080918 libpng-1.0.40 and libpng-1.2.32 available", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com\u0026forum_name=png-mng-implement" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=624518", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=624518" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "MDVSA-2009:051", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:051" }, { "name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=2095669\u0026group_id=5624\u0026atid=105624", "refsource": "CONFIRM", "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=2095669\u0026group_id=5624\u0026atid=105624" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3964", "datePublished": "2008-09-10T15:00:00", "dateReserved": "2008-09-09T00:00:00", "dateUpdated": "2024-08-07T10:00:41.994Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-7317 (GCVE-0-2019-7317)
Vulnerability from cvelistv5
Published
2019-02-04 07:00
Modified
2024-08-04 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
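- n/a (no CWE is assigned in this record, and its structured `affected` fields are also "n/a"; the weakness class, a use-after-free, and the fixed-version boundary appear only in the summary text)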
Summary
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:46:45.928Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190417 [slackware-security] libpng (SSA:2019-107-01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Apr/30" }, { "name": "DSA-4435", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4435" }, { "name": "20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Apr/36" }, { "name": "USN-3962-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3962-1/" }, { "name": "USN-3991-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3991-1/" }, { "name": "20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/May/56" }, { "name": "20190523 [SECURITY] [DSA 4448-1] firefox-esr security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/May/59" }, { "name": "DSA-4448", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4448" }, { "name": "[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html" }, { "name": "RHSA-2019:1265", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1265" }, { "name": "RHSA-2019:1267", "tags": [ "vendor-advisory", 
"x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1267" }, { "name": "RHSA-2019:1269", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1269" }, { "name": "DSA-4451", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4451" }, { "name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/May/67" }, { "name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html" }, { "name": "USN-3997-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3997-1/" }, { "name": "openSUSE-SU-2019:1484", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html" }, { "name": "RHSA-2019:1310", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1310" }, { "name": "RHSA-2019:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1308" }, { "name": "RHSA-2019:1309", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1309" }, { "name": "openSUSE-SU-2019:1534", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html" }, { "name": "openSUSE-SU-2019:1664", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html" }, { "name": "108098", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108098" }, { "name": "USN-4080-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4080-1/" }, { "name": "USN-4083-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4083-1/" }, { "name": "GLSA-201908-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201908-02" }, { "name": "RHSA-2019:2494", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2494" }, { "name": "RHSA-2019:2495", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2495" }, { "name": "openSUSE-SU-2019:1916", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html" }, { "name": "openSUSE-SU-2019:1912", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html" }, { "name": "RHSA-2019:2585", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2585" }, { "name": "RHSA-2019:2590", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2590" }, { "name": "RHSA-2019:2592", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2592" }, { "name": "RHSA-2019:2737", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2737" }, { "tags": [ "x_refsource_MISC", 
"x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/glennrp/libpng/issues/275" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190719-0005/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-20T10:38:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20190417 [slackware-security] libpng (SSA:2019-107-01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Apr/30" }, { "name": "DSA-4435", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4435" }, { "name": "20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Apr/36" }, { "name": "USN-3962-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3962-1/" }, { "name": "USN-3991-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3991-1/" }, { "name": "20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/May/56" }, { "name": "20190523 [SECURITY] [DSA 4448-1] firefox-esr security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/May/59" }, { "name": "DSA-4448", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4448" }, { "name": "[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html" }, { "name": "RHSA-2019:1265", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1265" }, { "name": "RHSA-2019:1267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1267" }, { "name": 
"RHSA-2019:1269", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1269" }, { "name": "DSA-4451", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4451" }, { "name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/May/67" }, { "name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html" }, { "name": "USN-3997-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3997-1/" }, { "name": "openSUSE-SU-2019:1484", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html" }, { "name": "RHSA-2019:1310", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1310" }, { "name": "RHSA-2019:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1308" }, { "name": "RHSA-2019:1309", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1309" }, { "name": "openSUSE-SU-2019:1534", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html" }, { "name": "openSUSE-SU-2019:1664", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html" }, { "name": "108098", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108098" }, { "name": "USN-4080-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4080-1/" }, { "name": "USN-4083-1", "tags": [ 
"vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4083-1/" }, { "name": "GLSA-201908-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201908-02" }, { "name": "RHSA-2019:2494", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2494" }, { "name": "RHSA-2019:2495", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2495" }, { "name": "openSUSE-SU-2019:1916", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html" }, { "name": "openSUSE-SU-2019:1912", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html" }, { "name": "RHSA-2019:2585", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2585" }, { "name": "RHSA-2019:2590", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2590" }, { "name": "RHSA-2019:2592", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2592" }, { "name": "RHSA-2019:2737", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2737" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/glennrp/libpng/issues/275" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190719-0005/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7317", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20190417 [slackware-security] libpng (SSA:2019-107-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/30" }, { "name": "DSA-4435", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4435" }, { "name": "20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/36" }, { "name": "USN-3962-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3962-1/" }, { "name": "USN-3991-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3991-1/" }, { "name": "20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/56" }, { "name": "20190523 [SECURITY] [DSA 4448-1] firefox-esr security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/59" }, { "name": "DSA-4448", "refsource": 
"DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4448" }, { "name": "[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html" }, { "name": "RHSA-2019:1265", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1265" }, { "name": "RHSA-2019:1267", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1267" }, { "name": "RHSA-2019:1269", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1269" }, { "name": "DSA-4451", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4451" }, { "name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/67" }, { "name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html" }, { "name": "USN-3997-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3997-1/" }, { "name": "openSUSE-SU-2019:1484", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html" }, { "name": "RHSA-2019:1310", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1310" }, { "name": "RHSA-2019:1308", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1308" }, { "name": "RHSA-2019:1309", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1309" }, { "name": "openSUSE-SU-2019:1534", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html" }, { "name": "openSUSE-SU-2019:1664", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html" }, { "name": "108098", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108098" }, { 
"name": "USN-4080-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4080-1/" }, { "name": "USN-4083-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4083-1/" }, { "name": "GLSA-201908-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-02" }, { "name": "RHSA-2019:2494", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2494" }, { "name": "RHSA-2019:2495", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2495" }, { "name": "openSUSE-SU-2019:1916", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html" }, { "name": "openSUSE-SU-2019:1912", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html" }, { "name": "RHSA-2019:2585", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2585" }, { "name": "RHSA-2019:2590", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2590" }, { "name": "RHSA-2019:2592", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2592" }, { "name": "RHSA-2019:2737", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2737" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803" }, { "name": "https://github.com/glennrp/libpng/issues/275", "refsource": "MISC", "url": "https://github.com/glennrp/libpng/issues/275" }, { "name": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html", 
"refsource": "MISC", "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html" }, { "name": "https://security.netapp.com/advisory/ntap-20190719-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190719-0005/" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-7317", "datePublished": "2019-02-04T07:00:00", "dateReserved": "2019-02-04T00:00:00", "dateUpdated": "2024-08-04T20:46:45.928Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-6954 (GCVE-0-2013-6954)
Vulnerability from cvelistv5
Published
2014-01-12 15:00
Modified
2025-06-10 13:18
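Severity: 6.5 MEDIUM (CVSS 3.1 base score from the CISA ADP container below, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H; the CNA record carries no score)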
CWE
- n/a in the CNA record; the CISA ADP container assigns CWE-476 (NULL Pointer Dereference)
Summary
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:53:45.097Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg21675973" }, { "name": "RHSA-2014:0414", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2014:0414" }, { "name": "GLSA-201406-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0075.html" }, { "name": "FEDORA-2014-1803", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html" }, { "name": "openSUSE-SU-2014:0100", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html" }, { "name": "HPSBUX03091", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c" }, { "name": "VU#650142", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/650142" }, { "name": "RHSA-2014:0413", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2014:0413" }, { "name": "59058", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59058" }, { 
"name": "SSRT101667", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "name": "HPSBUX03092", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "name": "64493", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/64493" }, { "name": "58974", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58974" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045561" }, { "name": "MDVSA-2014:035", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:035" }, { "name": "FEDORA-2014-1754", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html" }, { "name": "SSRT101668", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746" }, { "name": "FEDORA-2014-1770", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html" }, { "name": "FEDORA-2014-1778", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"http://www.libpng.org/pub/png/libpng.html" }, { "name": "FEDORA-2014-1766", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2013-6954", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-09T15:40:28.214662Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T13:18:13.099Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-19T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01.000Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg21675973" }, { "name": "RHSA-2014:0414", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2014:0414" }, { "name": "GLSA-201406-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0075.html" }, { "name": "FEDORA-2014-1803", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html" }, { "name": "openSUSE-SU-2014:0100", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html" }, { "name": "HPSBUX03091", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c" }, { "name": "VU#650142", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/650142" }, { "name": "RHSA-2014:0413", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2014:0413" }, { "name": "59058", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59058" }, { "name": "SSRT101667", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": 
"http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "name": "HPSBUX03092", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "name": "64493", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/64493" }, { "name": "58974", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58974" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045561" }, { "name": "MDVSA-2014:035", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:035" }, { "name": "FEDORA-2014-1754", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html" }, { "name": "SSRT101668", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746" }, { "name": "FEDORA-2014-1770", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html" }, { "name": "FEDORA-2014-1778", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "FEDORA-2014-1766", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/" } 
], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2013-6954", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=swg21675973", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=swg21675973" }, { "name": "RHSA-2014:0414", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2014:0414" }, { "name": "GLSA-201406-32", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "name": "http://advisories.mageia.org/MGASA-2014-0075.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0075.html" }, { "name": "FEDORA-2014-1803", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html" }, { "name": "openSUSE-SU-2014:0100", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html" }, { "name": "HPSBUX03091", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" }, { "name": 
"http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c", "refsource": "CONFIRM", "url": "http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c" }, { "name": "VU#650142", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/650142" }, { "name": "RHSA-2014:0413", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2014:0413" }, { "name": "59058", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59058" }, { "name": "SSRT101667", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "name": "HPSBUX03092", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "name": "64493", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64493" }, { "name": "58974", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58974" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1045561", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045561" }, { "name": "MDVSA-2014:035", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:035" }, { "name": "FEDORA-2014-1754", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html" }, { "name": "SSRT101668", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746" }, { "name": "FEDORA-2014-1770", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html" }, { "name": "FEDORA-2014-1778", 
"refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html" }, { "name": "http://www.libpng.org/pub/png/libpng.html", "refsource": "MISC", "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "FEDORA-2014-1766", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html" }, { "name": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/", "refsource": "CONFIRM", "url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2013-6954", "datePublished": "2014-01-12T15:00:00.000Z", "dateReserved": "2013-12-04T00:00:00.000Z", "dateUpdated": "2025-06-10T13:18:13.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-2249 (GCVE-0-2010-2249)
Vulnerability from cvelistv5
Published
2010-06-30 18:00
Modified
2024-08-07 02:25
CWE
- n/a
Summary
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:25:07.563Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20" }, { "name": "MDVSA-2010:133", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "name": "41174", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/41174" }, { "name": "ADV-2010-1877", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1877" }, { "name": "ADV-2010-3045", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3045" }, { "name": "1024723", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1024723" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4435" }, { "name": "ADV-2010-1837", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4457" }, { "name": "ADV-2010-1755", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1755" }, { "name": "ADV-2010-3046", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3046" }, { "name": "40472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", 
"x_transferred" ], "url": "http://secunia.com/advisories/40472" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4566" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608644" }, { "name": "40302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40302" }, { "name": "APPLE-SA-2010-11-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "40336", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40336" }, { "name": "libpng-scal-dos(59816)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59816" }, { "name": "41574", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41574" }, { "name": "USN-960-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-960-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "APPLE-SA-2011-03-02-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" }, { "name": "42317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42317" }, { "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "name": "FEDORA-2010-10823", "tags": [ "vendor-advisory", 
"x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" }, { "name": "DSA-2072", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2072" }, { "name": "40547", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40547" }, { "name": "42314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42314" }, { "name": "ADV-2010-1637", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1637" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4554" }, { "name": "SUSE-SR:2010:017", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" }, { "name": "APPLE-SA-2011-03-09-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" }, { "name": "SSA:2010-180-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.613061" }, { "name": "FEDORA-2010-10833", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4456" }, { "name": "ADV-2010-2491", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "name": "ADV-2010-1846", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": 
"http://www.vupen.com/english/advisories/2010/1846" }, { "name": "APPLE-SA-2010-11-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" }, { "name": "ADV-2010-1612", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1612" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-06-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20" }, { "name": "MDVSA-2010:133", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "name": "41174", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/41174" }, { "name": "ADV-2010-1877", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1877" }, { "name": "ADV-2010-3045", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3045" }, { "name": "1024723", 
"tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1024723" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4435" }, { "name": "ADV-2010-1837", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4457" }, { "name": "ADV-2010-1755", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1755" }, { "name": "ADV-2010-3046", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3046" }, { "name": "40472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40472" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4566" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608644" }, { "name": "40302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40302" }, { "name": "APPLE-SA-2010-11-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "40336", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40336" }, { "name": "libpng-scal-dos(59816)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59816" }, { "name": "41574", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41574" }, { "name": "USN-960-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-960-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "APPLE-SA-2011-03-02-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": 
"http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" }, { "name": "42317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42317" }, { "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "name": "FEDORA-2010-10823", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" }, { "name": "DSA-2072", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2072" }, { "name": "40547", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40547" }, { "name": "42314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42314" }, { "name": "ADV-2010-1637", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1637" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4554" }, { "name": "SUSE-SR:2010:017", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" }, { "name": "APPLE-SA-2011-03-09-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" }, { "name": "SSA:2010-180-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.613061" }, { "name": "FEDORA-2010-10833", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" }, { "tags": [ "x_refsource_CONFIRM" ], 
"url": "http://support.apple.com/kb/HT4456" }, { "name": "ADV-2010-2491", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "name": "ADV-2010-1846", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1846" }, { "name": "APPLE-SA-2010-11-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" }, { "name": "ADV-2010-1612", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1612" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2249", "datePublished": "2010-06-30T18:00:00", "dateReserved": "2010-06-09T00:00:00", "dateUpdated": "2024-08-07T02:25:07.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2501 (GCVE-0-2011-2501)
Vulnerability from cvelistv5
Published
2011-07-17 20:00
Modified
2024-08-06 23:00
CWE
- n/a
Summary
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:00:34.249Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49660" }, { "name": "45046", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45046" }, { "name": "USN-1175-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1175-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=65e6d5a34f49acdb362a0625a706c6b914e670af" }, { "name": "MDVSA-2011:151", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" }, { "name": "48474", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48474" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=717084" }, { "name": "SSA:2011-210-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.617466" }, { "name": "GLSA-201206-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "name": "[oss-security] 20110627 CVE request for libpng regression (CVE-2004-0421)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/13" }, { "name": "FEDORA-2011-8868", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062720.html" }, { "name": "libpng-pngerror-dos(68517)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68517" }, { "name": "45289", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45289" }, { "name": "FEDORA-2011-9336", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" }, { "name": "DSA-2287", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2287" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com\u0026forum_name=png-mng-implement" }, { "name": "45405", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45405" }, { "name": "RHSA-2011:1105", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1105.html" }, { "name": "[oss-security] 20110628 Re: CVE request for libpng regression (CVE-2004-0421)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/28/16" }, { "name": "45460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45460" }, { "name": "45486", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45486" }, { "name": "45492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45492" }, { "name": "45415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", 
"x_transferred" ], "url": "http://secunia.com/advisories/45415" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-06-07T00:00:00", "descriptions": [ { "lang": "en", "value": "The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "49660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49660" }, { "name": "45046", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45046" }, { "name": "USN-1175-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1175-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=65e6d5a34f49acdb362a0625a706c6b914e670af" }, { "name": "MDVSA-2011:151", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" }, { "name": "48474", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48474" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=717084" }, { "name": "SSA:2011-210-01", "tags": [ "vendor-advisory", 
"x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.617466" }, { "name": "GLSA-201206-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "name": "[oss-security] 20110627 CVE request for libpng regression (CVE-2004-0421)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/13" }, { "name": "FEDORA-2011-8868", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062720.html" }, { "name": "libpng-pngerror-dos(68517)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68517" }, { "name": "45289", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45289" }, { "name": "FEDORA-2011-9336", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" }, { "name": "DSA-2287", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2287" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com\u0026forum_name=png-mng-implement" }, { "name": "45405", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45405" }, { "name": "RHSA-2011:1105", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1105.html" }, { "name": "[oss-security] 20110628 Re: CVE request for libpng regression (CVE-2004-0421)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/28/16" }, { "name": "45460", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45460" }, { "name": "45486", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45486" }, { "name": "45492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45492" }, { "name": "45415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45415" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2501", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "49660", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49660" }, { "name": "45046", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45046" }, { "name": "USN-1175-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1175-1" }, { "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=65e6d5a34f49acdb362a0625a706c6b914e670af", "refsource": "CONFIRM", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=65e6d5a34f49acdb362a0625a706c6b914e670af" }, { "name": "MDVSA-2011:151", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" }, { "name": "48474", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48474" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=717084", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=717084" }, { "name": "SSA:2011-210-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.617466" }, { "name": "GLSA-201206-15", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "name": "[oss-security] 20110627 CVE request for libpng regression (CVE-2004-0421)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/13" }, { "name": "FEDORA-2011-8868", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062720.html" }, { "name": "libpng-pngerror-dos(68517)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68517" }, { "name": "45289", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45289" }, { "name": "FEDORA-2011-9336", "refsource": "FEDORA", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" }, { "name": "DSA-2287", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2287" }, { "name": "http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com\u0026forum_name=png-mng-implement", "refsource": "CONFIRM", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com\u0026forum_name=png-mng-implement" }, { "name": "45405", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45405" }, { "name": "RHSA-2011:1105", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1105.html" }, { "name": "[oss-security] 20110628 Re: CVE request for libpng regression (CVE-2004-0421)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/28/16" }, { "name": "45460", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45460" }, { "name": "45486", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45486" }, { "name": "45492", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45492" }, { "name": "45415", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45415" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2501", "datePublished": "2011-07-17T20:00:00", "dateReserved": "2011-06-15T00:00:00", "dateUpdated": "2024-08-06T23:00:34.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-5063 (GCVE-0-2009-5063)
Vulnerability from cvelistv5
Published
2011-08-31 23:00
Modified
2024-08-07 07:24
CWE
- n/a
Summary
Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:24:54.018Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49660" }, { "name": "[oss-security] 20110322 CVE Request: libpng memory leak", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/22/7" }, { "name": "GLSA-201206-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "name": "[oss-security] 20110328 Re: CVE Request: libpng memory leak", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/28/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-07-24T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "49660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49660" }, { "name": "[oss-security] 20110322 CVE Request: libpng memory leak", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/22/7" }, { "name": "GLSA-201206-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "name": "[oss-security] 20110328 Re: CVE Request: libpng memory leak", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/28/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-5063", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "49660", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49660" }, { "name": "[oss-security] 20110322 CVE Request: libpng memory leak", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/03/22/7" }, { "name": "GLSA-201206-15", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "name": "[oss-security] 20110328 Re: CVE Request: libpng memory leak", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/03/28/6" }, { "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18", "refsource": "CONFIRM", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-5063", "datePublished": "2011-08-31T23:00:00", "dateReserved": "2011-03-28T00:00:00", "dateUpdated": "2024-08-07T07:24:54.018Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-14550 (GCVE-0-2018-14550)
Vulnerability from cvelistv5
Published
2019-07-10 00:00
Modified
2024-08-05 09:29
CWE
- n/a
Summary
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:29:51.650Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201908-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201908-02" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/glennrp/libpng/issues/246" }, { "tags": [ "x_transferred" ], "url": "https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221028-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-28T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-201908-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/201908-02" }, { "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "url": "https://github.com/glennrp/libpng/issues/246" }, { "url": "https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token" }, { "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "url": "https://security.netapp.com/advisory/ntap-20221028-0001/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14550", "datePublished": "2019-07-10T00:00:00", "dateReserved": "2018-07-23T00:00:00", "dateUpdated": "2024-08-05T09:29:51.650Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-9495 (GCVE-0-2014-9495)
Vulnerability from cvelistv5
Published
2015-01-10 19:00
Modified
2025-06-09 15:16
CWE
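- n/a in the CNA record; the CISA ADP container in the JSON record below assigns CWE-122 (Heap-based Buffer Overflow)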
Summary
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:47:41.383Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/04/3" }, { "name": "71820", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/71820" }, { "name": "APPLE-SA-2016-03-21-5", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206167" }, { "name": "[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/" }, { "name": "[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "name": "[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/3" }, { "name": "[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/" }, { "name": "1031444", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031444" }, { "name": 
"62725", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62725" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2014-9495", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-06-09T15:14:59.794156Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-09T15:16:20.021Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-22T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/04/3" }, { "name": "71820", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/71820" }, { "name": "APPLE-SA-2016-03-21-5", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206167" }, { "name": "[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/" }, { "name": "[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "name": "[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/3" }, { "name": "[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/" }, { "name": "1031444", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031444" }, { "name": "62725", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/62725" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9495", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/01/04/3" }, { "name": "71820", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71820" }, { "name": "APPLE-SA-2016-03-21-5", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "name": "https://support.apple.com/HT206167", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206167" }, { "name": "[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available", "refsource": "MLIST", "url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/" }, { "name": "[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/01/10/1" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "name": "[oss-security] 20150110 Re: CVE 
Request: libpng 1.6.15 Heap Overflow", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/01/10/3" }, { "name": "[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available", "refsource": "MLIST", "url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/" }, { "name": "1031444", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031444" }, { "name": "62725", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62725" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9495", "datePublished": "2015-01-10T19:00:00.000Z", "dateReserved": "2015-01-03T00:00:00.000Z", "dateUpdated": "2025-06-09T15:16:20.021Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-0205 (GCVE-0-2010-0205)
Vulnerability from cvelistv5
Published
2010-03-03 19:00
Modified
2024-08-07 00:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:37:54.124Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "name": "ADV-2010-0517", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0517" }, { "name": "ADV-2010-0682", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0682" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4435" }, { "name": "62670", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/62670" }, { "name": "MDVSA-2010:063", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063" }, { "name": "ADV-2010-0605", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0605" }, { "name": "FEDORA-2010-3414", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html" }, { "name": "ADV-2010-0626", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0626" }, { "name": "ADV-2010-0686", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0686" }, { "name": "39251", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39251" }, { "name": "ADV-2010-1107", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "name": "MDVSA-2010:064", "tags": [ 
"vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064" }, { "name": "libpng-pngdecompresschunk-dos(56661)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661" }, { "name": "SUSE-SR:2010:011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "name": "USN-913-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-913-1" }, { "name": "APPLE-SA-2010-11-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "SUSE-SR:2010:013", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "name": "DSA-2032", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2032" }, { "name": "41574", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41574" }, { "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "name": "FEDORA-2010-3375", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html" }, { "name": "38774", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38774" }, { "name": "SUSE-SR:2010:012", "tags": [ "vendor-advisory", "x_refsource_SUSE", 
"x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "name": "ADV-2010-0637", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0637" }, { "name": "VU#576029", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/576029" }, { "name": "FEDORA-2010-4683", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html" }, { "name": "38478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38478" }, { "name": "ADV-2010-2491", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html" }, { "name": "1023674", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023674" }, { "name": "ADV-2010-0847", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0847" }, { "name": "ADV-2010-0667", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0667" }, { "name": "FEDORA-2010-2988", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libpng.sourceforge.net/decompression_bombs.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-03-01T00:00:00", "descriptions": [ { "lang": "en", 
"value": "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "name": "ADV-2010-0517", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0517" }, { "name": "ADV-2010-0682", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0682" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4435" }, { "name": "62670", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/62670" }, { "name": "MDVSA-2010:063", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063" }, { "name": "ADV-2010-0605", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0605" }, { "name": "FEDORA-2010-3414", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html" }, { "name": "ADV-2010-0626", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0626" }, { "name": 
"ADV-2010-0686", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0686" }, { "name": "39251", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39251" }, { "name": "ADV-2010-1107", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "name": "MDVSA-2010:064", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064" }, { "name": "libpng-pngdecompresschunk-dos(56661)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661" }, { "name": "SUSE-SR:2010:011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "name": "USN-913-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-913-1" }, { "name": "APPLE-SA-2010-11-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "SUSE-SR:2010:013", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "name": "DSA-2032", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2032" }, { "name": "41574", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41574" }, { "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "name": "FEDORA-2010-3375", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html" }, { "name": "38774", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38774" }, { "name": "SUSE-SR:2010:012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "name": "ADV-2010-0637", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0637" }, { "name": "VU#576029", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/576029" }, { "name": "FEDORA-2010-4683", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html" }, { "name": "38478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38478" }, { "name": "ADV-2010-2491", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html" }, { "name": "1023674", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023674" }, { "name": "ADV-2010-0847", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0847" }, { "name": "ADV-2010-0667", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0667" }, { "name": "FEDORA-2010-2988", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libpng.sourceforge.net/decompression_bombs.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2010-0205", "STATE": "PUBLIC" }, "affects": { "vendor": { 
"vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "name": "ADV-2010-0517", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0517" }, { "name": "ADV-2010-0682", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0682" }, { "name": "http://support.apple.com/kb/HT4435", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4435" }, { "name": "62670", "refsource": "OSVDB", "url": "http://osvdb.org/62670" }, { "name": "MDVSA-2010:063", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063" }, { "name": "ADV-2010-0605", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0605" }, { "name": "FEDORA-2010-3414", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html" }, { "name": "ADV-2010-0626", 
"refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0626" }, { "name": "ADV-2010-0686", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0686" }, { "name": "39251", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39251" }, { "name": "ADV-2010-1107", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "name": "MDVSA-2010:064", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064" }, { "name": "libpng-pngdecompresschunk-dos(56661)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661" }, { "name": "SUSE-SR:2010:011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "name": "USN-913-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-913-1" }, { "name": "APPLE-SA-2010-11-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "SUSE-SR:2010:013", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "name": "DSA-2032", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2032" }, { "name": "41574", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41574" }, { "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "name": "FEDORA-2010-3375", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html" }, { "name": "38774", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38774" }, { "name": "SUSE-SR:2010:012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "name": "ADV-2010-0637", 
"refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0637" }, { "name": "VU#576029", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/576029" }, { "name": "FEDORA-2010-4683", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html" }, { "name": "38478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38478" }, { "name": "ADV-2010-2491", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "name": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html", "refsource": "CONFIRM", "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html" }, { "name": "1023674", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1023674" }, { "name": "ADV-2010-0847", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0847" }, { "name": "ADV-2010-0667", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0667" }, { "name": "FEDORA-2010-2988", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html" }, { "name": "http://libpng.sourceforge.net/decompression_bombs.html", "refsource": "CONFIRM", "url": "http://libpng.sourceforge.net/decompression_bombs.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2010-0205", "datePublished": "2010-03-03T19:00:00", "dateReserved": "2010-01-06T00:00:00", "dateUpdated": "2024-08-07T00:37:54.124Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-12652 (GCVE-0-2017-12652)
Vulnerability from cvelistv5
Published
2019-07-10 14:10
Modified
2025-06-09 15:23
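Severity: 9.8 CRITICAL (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; scored by the CISA ADP container in the record below, not by the CNA)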
VLAI Severity ?
EPSS score ?
CWE
- n/a (CNA); CWE-20 Improper Input Validation (CISA ADP container in the record below)
Summary
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.461Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE" }, { "name": "109269", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/109269" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K88124225" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K88124225?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220506-0003/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2017-12652", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-06-09T15:22:54.422412Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-09T15:23:00.845Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } 
], "descriptions": [ { "lang": "en", "value": "libpng before 1.6.32 does not properly check the length of chunks against the user limit." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-21T15:38:32.442Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE" }, { "name": "109269", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/109269" }, { "url": "https://support.f5.com/csp/article/K88124225" }, { "url": "https://support.f5.com/csp/article/K88124225?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "url": "https://security.netapp.com/advisory/ntap-20220506-0003/" }, { "url": "https://github.com/pnggroup/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12652", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libpng before 1.6.32 does not properly check the length of chunks against the user limit." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE", "refsource": "CONFIRM", "url": "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE" }, { "name": "109269", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109269" }, { "name": "https://support.f5.com/csp/article/K88124225", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K88124225" }, { "name": "https://support.f5.com/csp/article/K88124225?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K88124225?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "https://security.netapp.com/advisory/ntap-20220506-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220506-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12652", "datePublished": "2019-07-10T14:10:07.000Z", "dateReserved": "2017-08-07T00:00:00.000Z", "dateUpdated": "2025-06-09T15:23:00.845Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2691 (GCVE-0-2011-2691)
Vulnerability from cvelistv5
Published
2011-07-17 20:00
Modified
2024-08-06 23:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:08:23.712Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49660" }, { "name": "48660", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48660" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720608" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=9dad5e37aef295b4ef8dea39392b652deebc9261" }, { "name": "45046", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45046" }, { "name": "libpng-pngdefaulterror-dos(68537)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68537" }, { "name": "MDVSA-2011:151", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" }, { "name": "GLSA-201206-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "FEDORA-2011-9336", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" }, { "name": "DSA-2287", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2287" }, { "name": "APPLE-SA-2011-10-12-3", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": 
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "name": "45405", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45405" }, { "name": "[oss-security] 20110713 Security issues fixed in libpng 1.5.4", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/13/2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5002" }, { "name": "45492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45492" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-07-07T00:00:00", "descriptions": [ { "lang": "en", "value": "The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "49660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49660" }, { "name": "48660", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48660" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720608" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=9dad5e37aef295b4ef8dea39392b652deebc9261" }, { "name": "45046", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45046" }, { "name": "libpng-pngdefaulterror-dos(68537)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68537" }, { "name": "MDVSA-2011:151", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" }, { "name": "GLSA-201206-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "FEDORA-2011-9336", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" }, { "name": "DSA-2287", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2287" }, { "name": "APPLE-SA-2011-10-12-3", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "name": "45405", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45405" }, { "name": "[oss-security] 20110713 Security issues fixed in libpng 1.5.4", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/13/2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5002" }, { "name": "45492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45492" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2691", "datePublished": "2011-07-17T20:00:00", "dateReserved": "2011-07-11T00:00:00", "dateUpdated": "2024-08-06T23:08:23.712Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-13785 (GCVE-0-2018-13785)
Vulnerability from cvelistv5
Published
2018-07-09 13:00
Modified
2024-08-05 09:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
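In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. (Note on the record below: its structured `affected` entry is `n/a` for vendor, product and version, so the affected release is stated only in this description and matching on the product/version fields will not find it. The references include the upstream libpng fix commit and the distribution advisories that name patched packages.)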
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:14:47.150Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:3007", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3007" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20181018-0001/" }, { "name": "RHSA-2018:3779", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3779" }, { "name": "RHSA-2018:3534", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3534" }, { "name": "RHSA-2018:3003", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3003" }, { "name": "USN-3712-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3712-1/" }, { "name": "RHSA-2018:3002", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3002" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceforge.net/p/libpng/bugs/278/" }, { "name": "RHSA-2018:3671", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3671" }, { "name": "RHSA-2018:3852", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3852" }, { "name": "RHSA-2018:3008", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3008" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "name": "RHSA-2018:3533", "tags": [ 
"vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3533" }, { "name": "RHSA-2018:3001", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3001" }, { "name": "RHSA-2018:3000", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3000" }, { "name": "105599", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105599" }, { "name": "1041889", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041889" }, { "name": "RHSA-2018:3672", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3672" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2" }, { "name": "GLSA-201908-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201908-10" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-09T00:00:00", "descriptions": [ { "lang": "en", "value": "In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-15T17:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2018:3007", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3007" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20181018-0001/" }, { "name": "RHSA-2018:3779", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3779" }, { "name": "RHSA-2018:3534", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3534" }, { "name": "RHSA-2018:3003", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3003" }, { "name": "USN-3712-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3712-1/" }, { "name": "RHSA-2018:3002", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3002" }, { "tags": [ "x_refsource_MISC" ], "url": "https://sourceforge.net/p/libpng/bugs/278/" }, { "name": "RHSA-2018:3671", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3671" }, { "name": "RHSA-2018:3852", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3852" }, { "name": "RHSA-2018:3008", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3008" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "name": "RHSA-2018:3533", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3533" }, { "name": "RHSA-2018:3001", "tags": 
[ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3001" }, { "name": "RHSA-2018:3000", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3000" }, { "name": "105599", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105599" }, { "name": "1041889", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041889" }, { "name": "RHSA-2018:3672", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3672" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2" }, { "name": "GLSA-201908-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201908-10" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-13785", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:3007", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3007" }, { "name": "https://security.netapp.com/advisory/ntap-20181018-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20181018-0001/" }, { "name": "RHSA-2018:3779", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3779" }, { "name": "RHSA-2018:3534", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3534" }, { "name": "RHSA-2018:3003", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3003" }, { "name": "USN-3712-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3712-1/" }, { "name": "RHSA-2018:3002", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3002" }, { "name": "https://sourceforge.net/p/libpng/bugs/278/", "refsource": "MISC", "url": "https://sourceforge.net/p/libpng/bugs/278/" }, { "name": "RHSA-2018:3671", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3671" }, { "name": "RHSA-2018:3852", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3852" }, { "name": "RHSA-2018:3008", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3008" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "name": "RHSA-2018:3533", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3533" }, { "name": "RHSA-2018:3001", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3001" }, { "name": "RHSA-2018:3000", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3000" }, { "name": "105599", "refsource": "BID", "url": 
"http://www.securityfocus.com/bid/105599" }, { "name": "1041889", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041889" }, { "name": "RHSA-2018:3672", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3672" }, { "name": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2", "refsource": "MISC", "url": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2" }, { "name": "GLSA-201908-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-10" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-13785", "datePublished": "2018-07-09T13:00:00", "dateReserved": "2018-07-09T00:00:00", "dateUpdated": "2024-08-05T09:14:47.150Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-5267 (GCVE-0-2007-5267)
Vulnerability from cvelistv5
Published
2007-10-08 21:00
Modified
2024-08-07 15:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
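Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266. (Note on the record below: its structured `affected` entry is `n/a`, so the version boundary appears only in this description. Because the issue stems from the earlier fix, a build patched only for CVE-2007-5266 should be rechecked against this identifier.)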
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:24:42.478Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2007-3391", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3391" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1814" }, { "name": "35386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35386" }, { "name": "1020521", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "name": "[png-mng-implement] 20071015 libpng 1.2.21 iCCP chunk handling bug", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net" }, { "name": "ADV-2009-1560", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "ADV-2009-1462", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "name": "[png-mng-implement] 20071005 libpng 1.2.21 iCCP chunk handling bug", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com\u0026forum_name=png-mng-implement" }, { "name": "27746", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27746" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "name": "259989", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": 
"http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35302" }, { "name": "ADV-2008-0924", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "name": "27130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27130" }, { "name": "29420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29420" }, { "name": "APPLE-SA-2008-03-18", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "27284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27284" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "name": "SSA:2007-325-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "name": "20071112 FLEA-2007-0065-1 libpng", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "25957", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25957" }, { "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in 
Google\u0027s Android SDK", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2007-3391", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3391" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1814" }, { "name": "35386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35386" }, { "name": "1020521", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "name": "[png-mng-implement] 20071015 libpng 1.2.21 iCCP chunk handling bug", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net" }, { "name": "ADV-2009-1560", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "ADV-2009-1462", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "name": "[png-mng-implement] 20071005 libpng 1.2.21 
iCCP chunk handling bug", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com\u0026forum_name=png-mng-implement" }, { "name": "27746", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27746" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "name": "259989", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35302" }, { "name": "ADV-2008-0924", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "name": "27130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27130" }, { "name": "29420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29420" }, { "name": "APPLE-SA-2008-03-18", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "27284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27284" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "name": "SSA:2007-325-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "name": "20071112 FLEA-2007-0065-1 libpng", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": 
"http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "25957", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25957" }, { "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5267", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2007-3391", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3391" }, { "name": "https://issues.rpath.com/browse/RPL-1814", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1814" }, { "name": "35386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35386" }, { "name": "1020521", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "name": "[png-mng-implement] 20071015 libpng 1.2.21 iCCP chunk handling bug", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net" }, { "name": "ADV-2009-1560", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "ADV-2009-1462", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "name": "[png-mng-implement] 20071005 libpng 1.2.21 iCCP chunk handling bug", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com\u0026forum_name=png-mng-implement" }, { "name": "27746", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27746" }, { "name": "http://www.coresecurity.com/?action=item\u0026id=2148", "refsource": "MISC", "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "name": "259989", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35302" }, { "name": "ADV-2008-0924", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "name": "27130", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27130" }, { "name": "29420", "refsource": 
"SECUNIA", "url": "http://secunia.com/advisories/29420" }, { "name": "APPLE-SA-2008-03-18", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "27284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27284" }, { "name": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html", "refsource": "CONFIRM", "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "name": "http://docs.info.apple.com/article.html?artnum=307562", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "name": "SSA:2007-325-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "name": "20071112 FLEA-2007-0065-1 libpng", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "25957", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25957" }, { "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5267", "datePublished": "2007-10-08T21:00:00", "dateReserved": "2007-10-08T00:00:00", "dateUpdated": "2024-08-07T15:24:42.478Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-1205 (GCVE-0-2010-1205)
Vulnerability from cvelistv5
Published
2010-06-30 18:00
Modified
2024-08-07 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
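Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. (Note on the record below: its structured `affected` entry is `n/a`, so the version ranges appear only in this description. The references include the upstream libpng commitdiff and advisories from browser, OS and virtualization vendors, which suggests that copies of libpng bundled inside applications need checking as well as the system library.)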
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:14:06.655Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2010:133", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "name": "41174", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/41174" }, { "name": "ADV-2010-1877", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1877" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html" }, { "name": "ADV-2010-3045", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3045" }, { "name": "libpng-rowdata-bo(59815)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59815" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4435" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-41.html" }, { "name": "oval:org.mitre.oval:def:11851", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851" }, { "name": "ADV-2010-1837", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=570451" }, { "tags": [ "x_refsource_CONFIRM", 
"x_transferred" ], "url": "http://support.apple.com/kb/HT4457" }, { "name": "ADV-2010-1755", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1755" }, { "name": "ADV-2010-3046", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3046" }, { "name": "40472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40472" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4566" }, { "name": "40302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40302" }, { "name": "APPLE-SA-2010-11-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "40336", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40336" }, { "name": "41574", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41574" }, { "name": "USN-960-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-960-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blackberry.com/btsc/KB27244" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "APPLE-SA-2010-08-24-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" }, { "name": "APPLE-SA-2011-03-02-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" }, { "name": "42317", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42317" }, { "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "name": "FEDORA-2010-10823", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" }, { "name": "DSA-2072", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2072" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4312" }, { "name": "40547", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40547" }, { "name": "42314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42314" }, { "name": "ADV-2010-1637", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1637" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4554" }, { "name": "SUSE-SR:2010:017", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" }, { "name": "APPLE-SA-2011-03-09-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" }, { "name": "SSA:2010-180-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.613061" }, { "name": "FEDORA-2010-10833", 
"tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.webkit.org/show_bug.cgi?id=40798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4456" }, { "name": "ADV-2010-2491", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://trac.webkit.org/changeset/61816" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.google.com/p/chromium/issues/detail?id=45983" }, { "name": "ADV-2010-1846", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1846" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238" }, { "name": "APPLE-SA-2010-11-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" }, { "name": "ADV-2010-1612", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1612" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-06-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image 
that triggers an additional data row." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDVSA-2010:133", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "name": "41174", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/41174" }, { "name": "ADV-2010-1877", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1877" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html" }, { "name": "ADV-2010-3045", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3045" }, { "name": "libpng-rowdata-bo(59815)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59815" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4435" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-41.html" }, { "name": "oval:org.mitre.oval:def:11851", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851" }, { "name": "ADV-2010-1837", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=570451" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4457" }, { "name": "ADV-2010-1755", "tags": [ "vdb-entry", 
"x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1755" }, { "name": "ADV-2010-3046", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3046" }, { "name": "40472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40472" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4566" }, { "name": "40302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40302" }, { "name": "APPLE-SA-2010-11-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "40336", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40336" }, { "name": "41574", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41574" }, { "name": "USN-960-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-960-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blackberry.com/btsc/KB27244" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "APPLE-SA-2010-08-24-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" }, { "name": "APPLE-SA-2011-03-02-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" }, { "name": "42317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42317" }, { "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "name": "FEDORA-2010-10823", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" }, { "name": "DSA-2072", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2072" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4312" }, { "name": "40547", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40547" }, { "name": "42314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42314" }, { "name": "ADV-2010-1637", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1637" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4554" }, { "name": "SUSE-SR:2010:017", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" }, { "name": "APPLE-SA-2011-03-09-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" }, { "name": "SSA:2010-180-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.613061" }, { "name": "FEDORA-2010-10833", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.webkit.org/show_bug.cgi?id=40798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4456" }, { "name": "ADV-2010-2491", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "http://trac.webkit.org/changeset/61816" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.google.com/p/chromium/issues/detail?id=45983" }, { "name": "ADV-2010-1846", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1846" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238" }, { "name": "APPLE-SA-2010-11-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" }, { "name": "ADV-2010-1612", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1612" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1205", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2010:133", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "name": "41174", "refsource": "BID", "url": "http://www.securityfocus.com/bid/41174" }, { "name": "ADV-2010-1877", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1877" }, { "name": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html" }, { "name": "ADV-2010-3045", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3045" }, { "name": "libpng-rowdata-bo(59815)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59815" }, { "name": "http://support.apple.com/kb/HT4435", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4435" }, { "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-41.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-41.html" }, { "name": "oval:org.mitre.oval:def:11851", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851" }, { "name": "ADV-2010-1837", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=570451", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=570451" }, { "name": "http://support.apple.com/kb/HT4457", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4457" }, { "name": "ADV-2010-1755", "refsource": "VUPEN", "url": 
"http://www.vupen.com/english/advisories/2010/1755" }, { "name": "ADV-2010-3046", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3046" }, { "name": "40472", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40472" }, { "name": "http://support.apple.com/kb/HT4566", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4566" }, { "name": "40302", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40302" }, { "name": "APPLE-SA-2010-11-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "40336", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40336" }, { "name": "41574", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41574" }, { "name": "USN-960-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-960-1" }, { "name": "http://blackberry.com/btsc/KB27244", "refsource": "CONFIRM", "url": "http://blackberry.com/btsc/KB27244" }, { "name": "http://www.libpng.org/pub/png/libpng.html", "refsource": "CONFIRM", "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "APPLE-SA-2010-08-24-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" }, { "name": "APPLE-SA-2011-03-02-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" }, { "name": "42317", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42317" }, { "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "name": "FEDORA-2010-10823", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" }, { "name": "DSA-2072", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2072" }, { "name": 
"http://support.apple.com/kb/HT4312", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4312" }, { "name": "40547", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40547" }, { "name": "42314", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42314" }, { "name": "ADV-2010-1637", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1637" }, { "name": "http://support.apple.com/kb/HT4554", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4554" }, { "name": "SUSE-SR:2010:017", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" }, { "name": "APPLE-SA-2011-03-09-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" }, { "name": "SSA:2010-180-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.613061" }, { "name": "FEDORA-2010-10833", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" }, { "name": "https://bugs.webkit.org/show_bug.cgi?id=40798", "refsource": "CONFIRM", "url": "https://bugs.webkit.org/show_bug.cgi?id=40798" }, { "name": "http://support.apple.com/kb/HT4456", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4456" }, { "name": "ADV-2010-2491", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "name": "http://trac.webkit.org/changeset/61816", "refsource": "CONFIRM", "url": "http://trac.webkit.org/changeset/61816" }, { "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18", "refsource": "CONFIRM", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18" }, { "name": "http://code.google.com/p/chromium/issues/detail?id=45983", 
"refsource": "CONFIRM", "url": "http://code.google.com/p/chromium/issues/detail?id=45983" }, { "name": "ADV-2010-1846", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1846" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=608238", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238" }, { "name": "APPLE-SA-2010-11-22-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" }, { "name": "ADV-2010-1612", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1612" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1205", "datePublished": "2010-06-30T18:00:00", "dateReserved": "2010-03-30T00:00:00", "dateUpdated": "2024-08-07T01:14:06.655Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-7244 (GCVE-0-2006-7244)
Vulnerability from cvelistv5
Published
2011-08-31 23:00
Modified
2024-09-16 22:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:57:40.881Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20110322 CVE Request: libpng memory leak", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/22/7" }, { "name": "[oss-security] 20110328 Re: CVE Request: libpng memory leak", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/28/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.gentoo.org/159216?id=159216" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-08-31T23:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20110322 CVE Request: libpng memory leak", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/22/7" }, { "name": "[oss-security] 20110328 Re: CVE Request: libpng memory leak", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/28/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.gentoo.org/159216?id=159216" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7244", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20110322 CVE Request: libpng memory leak", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/03/22/7" }, { "name": "[oss-security] 20110328 Re: CVE Request: libpng memory leak", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/03/28/6" }, { "name": "https://bugs.gentoo.org/159216?id=159216", "refsource": "CONFIRM", "url": "https://bugs.gentoo.org/159216?id=159216" }, { "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18", "refsource": "CONFIRM", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7244", "datePublished": "2011-08-31T23:00:00Z", "dateReserved": "2011-03-28T00:00:00Z", "dateUpdated": "2024-09-16T22:46:05.492Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0333 (GCVE-0-2014-0333)
Vulnerability from cvelistv5
Published
2014-02-27 20:00
Modified
2024-08-06 09:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:13:10.390Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff" }, { "name": "openSUSE-SU-2014:0358", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00029.html" }, { "name": "VU#684412", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/684412" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-14T14:57:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff" }, { "name": "openSUSE-SU-2014:0358", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00029.html" }, { "name": "VU#684412", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/684412" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2014-0333", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff", "refsource": "CONFIRM", "url": "ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff" }, { "name": "https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff", "refsource": "CONFIRM", "url": "https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff" }, { "name": "openSUSE-SU-2014:0358", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00029.html" }, { "name": "VU#684412", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/684412" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2014-0333", "datePublished": "2014-02-27T20:00:00", "dateReserved": "2013-12-05T00:00:00", "dateUpdated": "2024-08-06T09:13:10.390Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8472 (GCVE-0-2015-8472)
Vulnerability from cvelistv5
Published
2016-01-21 15:00
Modified
2024-08-06 08:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:41.892Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2016-03-21-5", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206167" }, { "name": "openSUSE-SU-2016:0272", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "openSUSE-SU-2016:0279", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/" }, { "name": "RHSA-2015:2595", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html" }, { "name": "RHSA-2015:2596", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" 
}, { "name": "openSUSE-SU-2016:0270", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10148" }, { "name": "SUSE-SU-2016:0269", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "openSUSE-SU-2016:0263", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "[oss-security] 20151203 Status of CVE-2015-8126: libpng buffer overflow in png_set_PLTE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/03/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/" }, { "name": "78624", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/78624" }, { "name": "RHSA-2016:0057", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "FEDORA-2015-c80ec85542", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/" }, { "name": "DSA-3443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3443" }, { "name": "RHSA-2016:0056", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "FEDORA-2015-4ad4998d00", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html" }, { "name": "RHSA-2015:2594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html" }, { "name": "FEDORA-2015-233750b6ab", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html" }, { "name": "SUSE-SU-2016:0265", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2016-03-21-5", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206167" }, { "name": "openSUSE-SU-2016:0272", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "openSUSE-SU-2016:0279", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/" }, { "name": "RHSA-2015:2595", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html" }, { "name": "RHSA-2015:2596", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "name": "openSUSE-SU-2016:0270", "tags": [ 
"vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10148" }, { "name": "SUSE-SU-2016:0269", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "openSUSE-SU-2016:0263", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "[oss-security] 20151203 Status of CVE-2015-8126: libpng buffer overflow in png_set_PLTE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/03/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/" }, { "name": "78624", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/78624" }, { "name": "RHSA-2016:0057", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "FEDORA-2015-c80ec85542", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/" }, { "name": "DSA-3443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3443" }, { "name": "RHSA-2016:0056", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "FEDORA-2015-4ad4998d00", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html" }, { "name": "RHSA-2015:2594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html" }, { "name": "FEDORA-2015-233750b6ab", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html" }, { "name": "SUSE-SU-2016:0265", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8472", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2016-03-21-5", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "name": "https://support.apple.com/HT206167", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206167" }, { "name": "openSUSE-SU-2016:0272", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "openSUSE-SU-2016:0279", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/", "refsource": "CONFIRM", "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/" }, { "name": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/", "refsource": "CONFIRM", "url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/", "refsource": "CONFIRM", "url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/" }, { "name": "RHSA-2015:2595", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html" }, { "name": "RHSA-2015:2596", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "name": "openSUSE-SU-2016:0270", 
"refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10148", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10148" }, { "name": "SUSE-SU-2016:0269", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "openSUSE-SU-2016:0263", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "[oss-security] 20151203 Status of CVE-2015-8126: libpng buffer overflow in png_set_PLTE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/03/6" }, { "name": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/", "refsource": "CONFIRM", "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/" }, { "name": "78624", "refsource": "BID", "url": "http://www.securityfocus.com/bid/78624" }, { "name": "RHSA-2016:0057", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "FEDORA-2015-c80ec85542", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html" }, { "name": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/", "refsource": "CONFIRM", "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/" }, { "name": "DSA-3443", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3443" }, { "name": "RHSA-2016:0056", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "refsource": "SUSE", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "FEDORA-2015-4ad4998d00", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html" }, { "name": "RHSA-2015:2594", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html" }, { "name": "FEDORA-2015-233750b6ab", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html" }, { "name": "SUSE-SU-2016:0265", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8472", "datePublished": "2016-01-21T15:00:00", "dateReserved": "2015-12-04T00:00:00", "dateUpdated": "2024-08-06T08:20:41.892Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-7354 (GCVE-0-2013-7354)
Vulnerability from cvelistv5
Published
2014-05-06 14:00
Modified
2025-06-09 15:42
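Severity: 6.5 MEDIUM (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H; scored in the CISA-ADP container of the record below, the CNA container carries no metrics)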
CWE
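- n/a in the CNA container; the CISA-ADP container of the record below lists CWE-190 (Integer Overflow or Wraparound) and CWE-122 (Heap-based Buffer Overflow)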
Summary
Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:01:20.433Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/p/libpng/bugs/199/" }, { "name": "openSUSE-SU-2014:0604", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html" }, { "name": "67344", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67344" }, { "name": "[oss-security] 20140410 CVE-2013-7353 CVE-2013-7354 libpng integer overflows", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q2/83" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2013-7354", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-09T15:42:44.504136Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-09T15:42:53.173Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": 
"n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-08T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/p/libpng/bugs/199/" }, { "name": "openSUSE-SU-2014:0604", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html" }, { "name": "67344", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67344" }, { "name": "[oss-security] 20140410 CVE-2013-7353 CVE-2013-7354 libpng integer overflows", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q2/83" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7354", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://sourceforge.net/p/libpng/bugs/199/", "refsource": "CONFIRM", "url": "http://sourceforge.net/p/libpng/bugs/199/" }, { "name": "openSUSE-SU-2014:0604", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html" }, { "name": "67344", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67344" }, { "name": "[oss-security] 20140410 CVE-2013-7353 CVE-2013-7354 libpng integer overflows", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/83" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7354", "datePublished": "2014-05-06T14:00:00.000Z", "dateReserved": "2014-04-10T00:00:00.000Z", "dateUpdated": "2025-06-09T15:42:53.173Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0421 (GCVE-0-2004-0421)
Vulnerability from cvelistv5
Published
2004-05-05 04:00
Modified
2024-08-08 00:17
CWE
- n/a
Summary
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:17:14.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2004-106", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://marc.info/?l=fedora-announce-list\u0026m=108451353608968\u0026w=2" }, { "name": "20040429 [OpenPKG-SA-2004.017] OpenPKG Security Advisory (png)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108334922320309\u0026w=2" }, { "name": "oval:org.mitre.oval:def:971", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971" }, { "name": "DSA-498", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-498" }, { "name": "oval:org.mitre.oval:def:11710", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710" }, { "name": "MDKSA-2004:040", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:040" }, { "name": "22958", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22958" }, { "name": "libpng-png-dos(16022)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16022" }, { "name": "APPLE-SA-2004-09-09", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/mhonarc/security-announce/msg00056.html" }, { "name": "10244", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10244" }, { "name": "FEDORA-2004-105", "tags": 
[ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://marc.info/?l=fedora-announce-list\u0026m=108451350029261\u0026w=2" }, { "name": "MDKSA-2006:213", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213" }, { "name": "RHSA-2004:180", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-180.html" }, { "name": "MDKSA-2006:212", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212" }, { "name": "2004-0025", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108335030208523\u0026w=2" }, { "name": "RHSA-2004:181", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-181.html" }, { "name": "22957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22957" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-04-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FEDORA-2004-106", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://marc.info/?l=fedora-announce-list\u0026m=108451353608968\u0026w=2" }, { "name": "20040429 [OpenPKG-SA-2004.017] OpenPKG Security Advisory (png)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108334922320309\u0026w=2" }, { "name": "oval:org.mitre.oval:def:971", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971" }, { "name": "DSA-498", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-498" }, { "name": "oval:org.mitre.oval:def:11710", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710" }, { "name": "MDKSA-2004:040", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:040" }, { "name": "22958", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22958" }, { "name": "libpng-png-dos(16022)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16022" }, { "name": "APPLE-SA-2004-09-09", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/mhonarc/security-announce/msg00056.html" }, { "name": "10244", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10244" }, { "name": "FEDORA-2004-105", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"http://marc.info/?l=fedora-announce-list\u0026m=108451350029261\u0026w=2" }, { "name": "MDKSA-2006:213", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213" }, { "name": "RHSA-2004:180", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-180.html" }, { "name": "MDKSA-2006:212", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212" }, { "name": "2004-0025", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://marc.info/?l=bugtraq\u0026m=108335030208523\u0026w=2" }, { "name": "RHSA-2004:181", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-181.html" }, { "name": "22957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22957" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0421", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2004-106", "refsource": "FEDORA", "url": "http://marc.info/?l=fedora-announce-list\u0026m=108451353608968\u0026w=2" }, { "name": "20040429 [OpenPKG-SA-2004.017] OpenPKG Security Advisory (png)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108334922320309\u0026w=2" }, { "name": "oval:org.mitre.oval:def:971", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971" }, { "name": "DSA-498", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-498" }, { "name": "oval:org.mitre.oval:def:11710", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710" }, { "name": "MDKSA-2004:040", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:040" }, { "name": "22958", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22958" }, { "name": "libpng-png-dos(16022)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16022" }, { "name": "APPLE-SA-2004-09-09", "refsource": "APPLE", "url": "http://lists.apple.com/mhonarc/security-announce/msg00056.html" }, { "name": "10244", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10244" }, { "name": "FEDORA-2004-105", "refsource": "FEDORA", "url": "http://marc.info/?l=fedora-announce-list\u0026m=108451350029261\u0026w=2" }, { "name": "MDKSA-2006:213", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213" }, { "name": "RHSA-2004:180", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-180.html" }, { "name": "MDKSA-2006:212", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212" }, { "name": "2004-0025", 
"refsource": "TRUSTIX", "url": "http://marc.info/?l=bugtraq\u0026m=108335030208523\u0026w=2" }, { "name": "RHSA-2004:181", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-181.html" }, { "name": "22957", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22957" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0421", "datePublished": "2004-05-05T04:00:00", "dateReserved": "2004-04-19T00:00:00", "dateUpdated": "2024-08-08T00:17:14.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-5268 (GCVE-0-2007-5268)
Vulnerability from cvelistv5
Published
2007-10-08 21:00
Modified
2024-08-07 15:24
CWE
- n/a
Summary
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:24:42.435Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1814" }, { "name": "MDKSA-2007:217", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217" }, { "name": "35386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35386" }, { "name": "27093", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27093" }, { "name": "1020521", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "name": "ADV-2009-1560", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "ADV-2009-1462", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195261" }, { "name": "27529", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27529" }, { "name": "27405", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27405" }, { "name": "27746", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27746" }, { "name": "ADV-2007-3390", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3390" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"http://www.coresecurity.com/?action=item\u0026id=2148" }, { "name": "259989", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35302" }, { "name": "[png-mng-implement] 20071004 Libpng-1.2.21 and libpng-1.0.29 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net\u0026forum_name=png-mng-implement" }, { "name": "ADV-2008-0924", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "name": "TA08-150A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "25956", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25956" }, { "name": "29420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29420" }, { "name": "APPLE-SA-2008-03-18", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "27284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27284" }, { "name": "30430", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30430" }, { "name": "USN-538-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-538-1" }, { "name": "APPLE-SA-2008-05-28", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": 
"http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "name": "30161", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30161" }, { "name": "GLSA-200805-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "name": "[png-mng-implement] 20070914 libpng-1.0.29beta1 and libpng-1.2.21beta1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "name": "GLSA-200711-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml" }, { "name": "[png-mng-implement] 20070911 FW: Compiler warnings for pngrtran.c", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=5122753600C3E94F87FBDFFCC090D1FF0400EBC5%40MERCMBX07.na.sas.com" }, { "name": "ADV-2008-1697", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "SSA:2007-325-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "name": "20071112 FLEA-2007-0065-1 libpng", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" 
], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" }, { "name": "27629", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27629" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1814" }, { "name": "MDKSA-2007:217", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217" }, { "name": "35386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35386" }, { "name": "27093", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27093" }, { "name": "1020521", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "name": "ADV-2009-1560", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": 
"ADV-2009-1462", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195261" }, { "name": "27529", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27529" }, { "name": "27405", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27405" }, { "name": "27746", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27746" }, { "name": "ADV-2007-3390", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3390" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "name": "259989", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35302" }, { "name": "[png-mng-implement] 20071004 Libpng-1.2.21 and libpng-1.0.29 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net\u0026forum_name=png-mng-implement" }, { "name": "ADV-2008-0924", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "name": "TA08-150A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "25956", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25956" }, { "name": "29420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29420" }, { "name": "APPLE-SA-2008-03-18", "tags": [ "vendor-advisory", 
"x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "27284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27284" }, { "name": "30430", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30430" }, { "name": "USN-538-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-538-1" }, { "name": "APPLE-SA-2008-05-28", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "name": "30161", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30161" }, { "name": "GLSA-200805-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "name": "[png-mng-implement] 20070914 libpng-1.0.29beta1 and libpng-1.2.21beta1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "name": "GLSA-200711-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml" }, { "name": "[png-mng-implement] 20070911 FW: Compiler warnings for pngrtran.c", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=5122753600C3E94F87FBDFFCC090D1FF0400EBC5%40MERCMBX07.na.sas.com" }, { "name": "ADV-2008-1697", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": 
"SSA:2007-325-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "name": "20071112 FLEA-2007-0065-1 libpng", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" }, { "name": "27629", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27629" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5268", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://issues.rpath.com/browse/RPL-1814", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1814" }, { "name": "MDKSA-2007:217", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217" }, { "name": "35386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35386" }, { "name": "27093", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27093" }, { "name": "1020521", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "name": "ADV-2009-1560", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "ADV-2009-1462", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=195261", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=195261" }, { "name": "27529", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27529" }, { "name": "27405", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27405" }, { "name": "27746", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27746" }, { "name": "ADV-2007-3390", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3390" }, { "name": "http://www.coresecurity.com/?action=item\u0026id=2148", "refsource": "MISC", "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "name": "259989", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35302" }, { "name": "[png-mng-implement] 20071004 Libpng-1.2.21 and libpng-1.0.29 released", "refsource": "MLIST", "url": 
"http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net\u0026forum_name=png-mng-implement" }, { "name": "ADV-2008-0924", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "name": "TA08-150A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "25956", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25956" }, { "name": "29420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29420" }, { "name": "APPLE-SA-2008-03-18", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "27284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27284" }, { "name": "30430", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30430" }, { "name": "USN-538-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-538-1" }, { "name": "APPLE-SA-2008-05-28", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html", "refsource": "CONFIRM", "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "name": "30161", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30161" }, { "name": "GLSA-200805-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "name": "[png-mng-implement] 20070914 libpng-1.0.29beta1 and libpng-1.2.21beta1", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com" }, { "name": "http://docs.info.apple.com/article.html?artnum=307562", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "name": "GLSA-200711-08", "refsource": "GENTOO", 
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml" }, { "name": "[png-mng-implement] 20070911 FW: Compiler warnings for pngrtran.c", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/message.php?msg_name=5122753600C3E94F87FBDFFCC090D1FF0400EBC5%40MERCMBX07.na.sas.com" }, { "name": "ADV-2008-1697", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "SSA:2007-325-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "name": "20071112 FLEA-2007-0065-1 libpng", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" }, { "name": "27629", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27629" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5268", "datePublished": "2007-10-08T21:00:00", "dateReserved": "2007-10-08T00:00:00", "dateUpdated": "2024-08-07T15:24:42.435Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-7353 (GCVE-0-2013-7353)
Vulnerability from cvelistv5
Published
2014-05-06 14:00
Modified
2025-06-09 15:37
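Severity: 6.5 MEDIUM (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H), scored in the CISA-ADP container of the record below; the CNA container carries no score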
CWE
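- n/a in the CNA container; the CISA-ADP container of the record below assigns CWE-190 (Integer Overflow or Wraparound) and CWE-122 (Heap-based Buffer Overflow)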
Summary
Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:01:20.591Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/p/libpng/bugs/199/" }, { "name": "openSUSE-SU-2014:0604", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html" }, { "name": "67345", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67345" }, { "name": "[oss-security] 20140410 CVE-2013-7353 CVE-2013-7354 libpng integer overflows", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q2/83" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2013-7353", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-09T15:37:00.771058Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-09T15:37:30.290Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": 
"n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-08T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/p/libpng/bugs/199/" }, { "name": "openSUSE-SU-2014:0604", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html" }, { "name": "67345", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67345" }, { "name": "[oss-security] 20140410 CVE-2013-7353 CVE-2013-7354 libpng integer overflows", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q2/83" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7353", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://sourceforge.net/p/libpng/bugs/199/", "refsource": "CONFIRM", "url": "http://sourceforge.net/p/libpng/bugs/199/" }, { "name": "openSUSE-SU-2014:0604", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html" }, { "name": "67345", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67345" }, { "name": "[oss-security] 20140410 CVE-2013-7353 CVE-2013-7354 libpng integer overflows", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/83" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7353", "datePublished": "2014-05-06T14:00:00.000Z", "dateReserved": "2014-04-10T00:00:00.000Z", "dateUpdated": "2025-06-09T15:37:30.290Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-5269 (GCVE-0-2007-5269)
Vulnerability from cvelistv5
Published
2007-10-08 21:00
Modified
2024-08-07 15:24
CWE
- n/a
Summary
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) zTXt (png_handle_zTXt) chunks in PNG images, which trigger out-of-bounds read operations.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:24:42.429Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "27965", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27965" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1814" }, { "name": "MDKSA-2007:217", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217" }, { "name": "35386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35386" }, { "name": "FEDORA-2007-2666", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html" }, { "name": "GLSA-201209-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html" }, { "name": "FEDORA-2007-2521", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html" }, { "name": "27093", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27093" }, { "name": "1020521", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "name": "ADV-2009-1560", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": 
"http://www.vupen.com/english/advisories/2009/1560" }, { "name": "34388", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34388" }, { "name": "ADV-2009-1462", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "name": "27662", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27662" }, { "name": "31712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31712" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195261" }, { "name": "FEDORA-2007-734", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html" }, { "name": "27529", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27529" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" }, { "name": "27405", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27405" }, { "name": "27746", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27746" }, { "name": "RHSA-2007:0992", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0992.html" }, { "name": "ADV-2007-3390", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3390" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "name": "259989", "tags": [ "vendor-advisory", 
"x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35302" }, { "name": "31713", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31713" }, { "name": "[png-mng-implement] 20071004 Libpng-1.2.21 and libpng-1.0.29 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net\u0026forum_name=png-mng-implement" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" }, { "name": "ADV-2008-0924", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" }, { "name": "TA08-150A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "27391", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27391" }, { "name": "25956", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25956" }, { "name": "SUSE-SR:2007:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html" }, { "name": "27369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27369" }, { "name": "1018849", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": 
"http://www.securitytracker.com/id?1018849" }, { "name": "oval:org.mitre.oval:def:10614", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10614" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=327791" }, { "name": "27492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27492" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" }, { "name": "29420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29420" }, { "name": "APPLE-SA-2008-03-18", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "27284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27284" }, { "name": "30430", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30430" }, { "name": "USN-538-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-538-1" }, { "name": "APPLE-SA-2008-05-28", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" 
], "url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "name": "30161", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30161" }, { "name": "GLSA-200805-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "name": "DSA-1750", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1750" }, { "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html" }, { "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded" }, { "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" }, { "name": "GLSA-200711-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", 
"x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml" }, { "name": "ADV-2008-0905", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0905/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" }, { "name": "ADV-2008-1697", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "SSA:2007-325-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "name": "20071112 FLEA-2007-0065-1 libpng", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "28276", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28276" }, { "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" }, { "name": "ADV-2008-2466", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2466" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=337461" }, { "name": "27629", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27629" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } 
] } ], "datePublic": "2007-10-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "27965", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27965" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1814" }, { "name": "MDKSA-2007:217", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217" }, { "name": "35386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35386" }, { "name": "FEDORA-2007-2666", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html" }, { "name": "GLSA-201209-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html" }, { "name": "FEDORA-2007-2521", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html" }, { "name": "27093", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" 
], "url": "http://secunia.com/advisories/27093" }, { "name": "1020521", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "name": "ADV-2009-1560", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "34388", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34388" }, { "name": "ADV-2009-1462", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "name": "27662", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27662" }, { "name": "31712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31712" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195261" }, { "name": "FEDORA-2007-734", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html" }, { "name": "27529", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27529" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" }, { "name": "27405", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27405" }, { "name": "27746", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27746" }, { "name": "RHSA-2007:0992", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0992.html" }, { "name": "ADV-2007-3390", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3390" }, { "tags": [ "x_refsource_MISC" ], "url": 
"http://www.coresecurity.com/?action=item\u0026id=2148" }, { "name": "259989", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35302" }, { "name": "31713", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31713" }, { "name": "[png-mng-implement] 20071004 Libpng-1.2.21 and libpng-1.0.29 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net\u0026forum_name=png-mng-implement" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" }, { "name": "ADV-2008-0924", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" }, { "name": "TA08-150A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "27391", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27391" }, { "name": "25956", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25956" }, { "name": "SUSE-SR:2007:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html" }, { "name": "27369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27369" }, { "name": "1018849", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018849" }, { "name": "oval:org.mitre.oval:def:10614", "tags": [ "vdb-entry", "signature", 
"x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10614" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=327791" }, { "name": "27492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27492" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" }, { "name": "29420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29420" }, { "name": "APPLE-SA-2008-03-18", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "27284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27284" }, { "name": "30430", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30430" }, { "name": "USN-538-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-538-1" }, { "name": "APPLE-SA-2008-05-28", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "name": "30161", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/30161" }, { "name": "GLSA-200805-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "name": "DSA-1750", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1750" }, { "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html" }, { "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded" }, { "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" }, { "name": "GLSA-200711-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml" }, { "name": "ADV-2008-0905", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0905/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" }, { "name": "ADV-2008-1697", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": 
"http://www.vupen.com/english/advisories/2008/1697" }, { "name": "SSA:2007-325-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "name": "20071112 FLEA-2007-0065-1 libpng", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "28276", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28276" }, { "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" }, { "name": "ADV-2008-2466", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2466" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=337461" }, { "name": "27629", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27629" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5269", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which 
trigger out-of-bounds read operations." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "27965", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27965" }, { "name": "https://issues.rpath.com/browse/RPL-1814", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1814" }, { "name": "MDKSA-2007:217", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217" }, { "name": "35386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35386" }, { "name": "FEDORA-2007-2666", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html" }, { "name": "GLSA-201209-25", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html" }, { "name": "FEDORA-2007-2521", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html" }, { "name": "27093", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27093" }, { "name": "1020521", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "name": "ADV-2009-1560", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "34388", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34388" }, { "name": "ADV-2009-1462", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "name": "27662", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27662" 
}, { "name": "31712", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31712" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=195261", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=195261" }, { "name": "FEDORA-2007-734", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html" }, { "name": "27529", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27529" }, { "name": "http://www.vmware.com/support/server/doc/releasenotes_server.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" }, { "name": "27405", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27405" }, { "name": "27746", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27746" }, { "name": "RHSA-2007:0992", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0992.html" }, { "name": "ADV-2007-3390", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3390" }, { "name": "http://www.coresecurity.com/?action=item\u0026id=2148", "refsource": "MISC", "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "name": "259989", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35302" }, { "name": "31713", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31713" }, { "name": "[png-mng-implement] 20071004 Libpng-1.2.21 and libpng-1.0.29 released", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net\u0026forum_name=png-mng-implement" }, { "name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" }, { "name": "ADV-2008-0924", "refsource": 
"VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" }, { "name": "TA08-150A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "27391", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27391" }, { "name": "25956", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25956" }, { "name": "SUSE-SR:2007:025", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html" }, { "name": "27369", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27369" }, { "name": "1018849", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018849" }, { "name": "oval:org.mitre.oval:def:10614", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10614" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=327791", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=327791" }, { "name": "27492", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27492" }, { "name": "http://www.vmware.com/support/player/doc/releasenotes_player.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" }, { "name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" }, { "name": "29420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29420" }, { "name": "APPLE-SA-2008-03-18", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "27284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27284" }, { "name": "30430", "refsource": 
"SECUNIA", "url": "http://secunia.com/advisories/30430" }, { "name": "USN-538-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-538-1" }, { "name": "APPLE-SA-2008-05-28", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded" }, { "name": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html", "refsource": "CONFIRM", "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "name": "30161", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30161" }, { "name": "GLSA-200805-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "name": "DSA-1750", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1750" }, { "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html" }, { "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded" }, { "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" }, { "name": 
"http://docs.info.apple.com/article.html?artnum=307562", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" }, { "name": "GLSA-200711-08", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml" }, { "name": "ADV-2008-0905", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0905/references" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" }, { "name": "ADV-2008-1697", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "SSA:2007-325-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "name": "20071112 FLEA-2007-0065-1 libpng", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "28276", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28276" }, { "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" }, { "name": "ADV-2008-2466", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2466" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=337461", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=337461" }, { "name": "27629", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27629" } ] } } } }, "cveMetadata": { 
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5269", "datePublished": "2007-10-08T21:00:00", "dateReserved": "2007-10-08T00:00:00", "dateUpdated": "2024-08-07T15:24:42.429Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2692 (GCVE-0-2011-2692)
Vulnerability from cvelistv5
Published
2011-07-17 20:00
Modified
2024-08-06 23:08
CWE
- n/a
Summary
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:08:23.757Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49660" }, { "name": "RHSA-2011:1103", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1103.html" }, { "name": "48618", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48618" }, { "name": "45046", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45046" }, { "name": "USN-1175-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1175-1" }, { "name": "MDVSA-2011:151", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720612" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org\u0026forum_name=png-mng-implement" }, { "name": "GLSA-201206-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "name": "45461", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45461" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339" }, { "name": "FEDORA-2011-9336", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" }, { "name": "DSA-2287", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2287" }, { "name": "APPLE-SA-2011-10-12-3", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "name": "45405", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45405" }, { "name": "45445", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45445" }, { "name": "RHSA-2011:1105", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1105.html" }, { "name": "45460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45460" }, { "name": "[oss-security] 20110713 Security issues fixed in libpng 1.5.4", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/13/2" }, { "name": "libpng-png-file-dos(68536)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68536" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5002" }, { "name": "45492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45492" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5281" }, { "name": 
"RHSA-2011:1104", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1104.html" }, { "name": "VU#819894", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/819894" }, { "name": "APPLE-SA-2012-05-09-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" }, { "name": "45415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45415" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-07-07T00:00:00", "descriptions": [ { "lang": "en", "value": "The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "49660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49660" }, { "name": "RHSA-2011:1103", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1103.html" }, { "name": "48618", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48618" }, { "name": "45046", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45046" }, { "name": "USN-1175-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1175-1" }, { "name": "MDVSA-2011:151", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720612" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org\u0026forum_name=png-mng-implement" }, { "name": "GLSA-201206-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "name": "45461", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45461" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339" }, { "name": "FEDORA-2011-9336", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" }, { "name": "DSA-2287", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2287" }, { "name": "APPLE-SA-2011-10-12-3", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "name": "45405", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45405" }, { "name": "45445", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45445" }, { "name": "RHSA-2011:1105", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1105.html" }, { "name": "45460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45460" }, { "name": "[oss-security] 20110713 Security issues fixed in libpng 1.5.4", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/13/2" }, { "name": "libpng-png-file-dos(68536)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68536" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5002" }, { "name": "45492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45492" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5281" }, { "name": "RHSA-2011:1104", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1104.html" }, { "name": "VU#819894", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/819894" }, { "name": "APPLE-SA-2012-05-09-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": 
"http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" }, { "name": "45415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45415" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2692", "datePublished": "2011-07-17T20:00:00", "dateReserved": "2011-07-11T00:00:00", "dateUpdated": "2024-08-06T23:08:23.757Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1382 (GCVE-0-2008-1382)
Vulnerability from cvelistv5
Published
2008-04-14 16:00
Modified
2024-08-07 08:17
CWE
- n/a
Summary
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:17:34.684Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SR:2008:010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html" }, { "name": "RHSA-2009:0333", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0333.html" }, { "name": "35386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35386" }, { "name": "ADV-2008-1225", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1225/references" }, { "name": "30157", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30157" }, { "name": "30174", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30174" }, { "name": "1020521", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3549" }, { "name": "APPLE-SA-2008-09-15", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" }, { "name": "44364", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/44364" }, { "name": "ADV-2009-1560", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "34388", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/34388" }, { "name": "ADV-2009-1462", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "name": "GLSA-200805-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200805-10.xml" }, { "name": "FEDORA-2008-4910", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00080.html" }, { "name": "FEDORA-2008-3937", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00960.html" }, { "name": "30486", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30486" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0151" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html" }, { "name": "TA08-260A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" }, { "name": "30402", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30402" }, { "name": "259989", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35302" }, { "name": "FEDORA-2008-4847", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00033.html" }, { "name": "SSA:2008-119-01", "tags": [ "vendor-advisory", 
"x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.541247" }, { "name": "20080429 rPSA-2008-0151-1 libpng", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/491424/100/0/threaded" }, { "name": "35074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35074" }, { "name": "ADV-2008-2584", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2584" }, { "name": "29792", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29792" }, { "name": "1019840", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019840" }, { "name": "ADV-2009-1451", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1451" }, { "name": "APPLE-SA-2009-05-12", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "name": "31882", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31882" }, { "name": "GLSA-200804-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-15.xml" }, { "name": "29992", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29992" }, { "name": "FEDORA-2008-3683", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00721.html" }, { "name": "20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve 
security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded" }, { "name": "29678", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29678" }, { "name": "libpng-zero-length-code-execution(41800)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41800" }, { "name": "GLSA-200812-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200812-15.xml" }, { "name": "DSA-1750", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1750" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/advisories/ocert-2008-003.html" }, { "name": "20080414 [oCERT-2008-003] libpng zero-length chunks incorrect handling", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/490823/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libpng.sourceforge.net/Advisory-1.2.26.txt" }, { "name": "oval:org.mitre.oval:def:10326", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10326" }, { "name": "TA09-133A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "name": "ADV-2009-1297", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "name": "33137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33137" }, { "name": "oval:org.mitre.oval:def:6275", "tags": [ "vdb-entry", 
"signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6275" }, { "name": "34152", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34152" }, { "name": "MDVSA-2008:156", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:156" }, { "name": "35258", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35258" }, { "name": "30009", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30009" }, { "name": "28770", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28770" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "29957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29957" }, { "name": "FEDORA-2008-3979", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00951.html" }, { "name": "FEDORA-2008-4947", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00111.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file 
with zero length \"unknown\" chunks, which trigger an access of uninitialized memory." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SUSE-SR:2008:010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html" }, { "name": "RHSA-2009:0333", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0333.html" }, { "name": "35386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35386" }, { "name": "ADV-2008-1225", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1225/references" }, { "name": "30157", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30157" }, { "name": "30174", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30174" }, { "name": "1020521", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3549" }, { "name": "APPLE-SA-2008-09-15", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" }, { "name": "44364", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/44364" }, { "name": "ADV-2009-1560", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "34388", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34388" }, { "name": "ADV-2009-1462", "tags": [ 
"vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "name": "GLSA-200805-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200805-10.xml" }, { "name": "FEDORA-2008-4910", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00080.html" }, { "name": "FEDORA-2008-3937", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00960.html" }, { "name": "30486", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30486" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0151" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html" }, { "name": "TA08-260A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" }, { "name": "30402", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30402" }, { "name": "259989", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35302" }, { "name": "FEDORA-2008-4847", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00033.html" }, { "name": "SSA:2008-119-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.541247" }, { "name": "20080429 rPSA-2008-0151-1 libpng", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": 
"http://www.securityfocus.com/archive/1/491424/100/0/threaded" }, { "name": "35074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35074" }, { "name": "ADV-2008-2584", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2584" }, { "name": "29792", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29792" }, { "name": "1019840", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019840" }, { "name": "ADV-2009-1451", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1451" }, { "name": "APPLE-SA-2009-05-12", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "name": "31882", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31882" }, { "name": "GLSA-200804-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-15.xml" }, { "name": "29992", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29992" }, { "name": "FEDORA-2008-3683", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00721.html" }, { "name": "20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded" }, { "name": "29678", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29678" }, { "name": "libpng-zero-length-code-execution(41800)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41800" }, { "name": 
"GLSA-200812-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200812-15.xml" }, { "name": "DSA-1750", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1750" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/advisories/ocert-2008-003.html" }, { "name": "20080414 [oCERT-2008-003] libpng zero-length chunks incorrect handling", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/490823/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libpng.sourceforge.net/Advisory-1.2.26.txt" }, { "name": "oval:org.mitre.oval:def:10326", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10326" }, { "name": "TA09-133A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "name": "ADV-2009-1297", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "name": "33137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33137" }, { "name": "oval:org.mitre.oval:def:6275", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6275" }, { "name": "34152", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34152" }, { "name": "MDVSA-2008:156", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:156" }, { "name": "35258", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35258" }, { "name": "30009", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/30009" }, { "name": "28770", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28770" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "29957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29957" }, { "name": "FEDORA-2008-3979", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00951.html" }, { "name": "FEDORA-2008-4947", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00111.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-1382", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length \"unknown\" chunks, which trigger an access of uninitialized memory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SR:2008:010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html" }, { "name": "RHSA-2009:0333", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-0333.html" }, { "name": "35386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35386" }, { "name": "ADV-2008-1225", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1225/references" }, { "name": "30157", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30157" }, { "name": "30174", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30174" }, { "name": "1020521", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "name": "http://support.apple.com/kb/HT3549", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3549" }, { "name": "APPLE-SA-2008-09-15", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" }, { "name": "44364", "refsource": "OSVDB", "url": "http://www.osvdb.org/44364" }, { "name": "ADV-2009-1560", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "34388", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34388" }, { "name": "ADV-2009-1462", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "name": "GLSA-200805-10", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200805-10.xml" }, { "name": "FEDORA-2008-4910", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00080.html" }, { "name": "FEDORA-2008-3937", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00960.html" }, { "name": "30486", 
"refsource": "SECUNIA", "url": "http://secunia.com/advisories/30486" }, { "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0151", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0151" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html" }, { "name": "TA08-260A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" }, { "name": "30402", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30402" }, { "name": "259989", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35302" }, { "name": "FEDORA-2008-4847", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00033.html" }, { "name": "SSA:2008-119-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.541247" }, { "name": "20080429 rPSA-2008-0151-1 libpng", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/491424/100/0/threaded" }, { "name": "35074", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35074" }, { "name": "ADV-2008-2584", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2584" }, { "name": "29792", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29792" }, { "name": "1019840", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019840" }, { "name": "ADV-2009-1451", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1451" }, { "name": "APPLE-SA-2009-05-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "name": "31882", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/31882" }, { "name": "GLSA-200804-15", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-15.xml" }, { "name": "29992", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29992" }, { "name": "FEDORA-2008-3683", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00721.html" }, { "name": "20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded" }, { "name": "29678", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29678" }, { "name": "libpng-zero-length-code-execution(41800)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41800" }, { "name": "GLSA-200812-15", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200812-15.xml" }, { "name": "DSA-1750", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1750" }, { "name": "http://www.ocert.org/advisories/ocert-2008-003.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2008-003.html" }, { "name": "20080414 [oCERT-2008-003] libpng zero-length chunks incorrect handling", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/490823/100/0/threaded" }, { "name": "http://libpng.sourceforge.net/Advisory-1.2.26.txt", "refsource": "CONFIRM", "url": "http://libpng.sourceforge.net/Advisory-1.2.26.txt" }, { "name": "oval:org.mitre.oval:def:10326", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10326" }, { "name": "TA09-133A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "name": "ADV-2009-1297", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "name": "33137", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/33137" }, { "name": "oval:org.mitre.oval:def:6275", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6275" }, { "name": "34152", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34152" }, { "name": "MDVSA-2008:156", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:156" }, { "name": "35258", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35258" }, { "name": "30009", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30009" }, { "name": "28770", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28770" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "29957", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29957" }, { "name": "FEDORA-2008-3979", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00951.html" }, { "name": "FEDORA-2008-4947", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00111.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-1382", "datePublished": "2008-04-14T16:00:00", "dateReserved": "2008-03-18T00:00:00", "dateUpdated": "2024-08-07T08:17:34.684Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3425 (GCVE-0-2012-3425)
Vulnerability from cvelistv5
Published
2012-08-13 20:00
Modified
2024-08-06 20:05
CWE
- n/a
Summary
The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:12.386Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120724 CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/07/24/3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=73e2ffd6a1471f2144d0ce7165d7323cb109f10f%3Bhb=refs/heads/libpng15" }, { "name": "[oss-security] 20120724 Re: CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/07/24/5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=2da5a7a8b690e257f94353b5b49d493cdc385322%3Bhb=refs/heads/libpng14" }, { "name": "openSUSE-SU-2012:0934", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=284de253b1561b976291ba7405acd71ae71ff597%3Bhb=refs/heads/libpng10" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bhb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8" }, { "name": "USN-2815-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2815-1" } ], "title": 
"CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-11-24T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20120724 CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/07/24/3" }, { "tags": [ "x_refsource_MISC" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=73e2ffd6a1471f2144d0ce7165d7323cb109f10f%3Bhb=refs/heads/libpng15" }, { "name": "[oss-security] 20120724 Re: CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/07/24/5" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082" }, { "tags": [ "x_refsource_MISC" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=2da5a7a8b690e257f94353b5b49d493cdc385322%3Bhb=refs/heads/libpng14" }, { "name": "openSUSE-SU-2012:0934", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html" }, { "tags": [ "x_refsource_MISC" ], "url": 
"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=284de253b1561b976291ba7405acd71ae71ff597%3Bhb=refs/heads/libpng10" }, { "tags": [ "x_refsource_MISC" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bhb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8" }, { "name": "USN-2815-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2815-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-3425", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120724 CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/07/24/3" }, { "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=73e2ffd6a1471f2144d0ce7165d7323cb109f10f;hb=refs/heads/libpng15", "refsource": "MISC", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=73e2ffd6a1471f2144d0ce7165d7323cb109f10f;hb=refs/heads/libpng15" }, { "name": "[oss-security] 20120724 Re: CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/07/24/5" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082" }, { "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=2da5a7a8b690e257f94353b5b49d493cdc385322;hb=refs/heads/libpng14", "refsource": "MISC", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=2da5a7a8b690e257f94353b5b49d493cdc385322;hb=refs/heads/libpng14" }, { "name": "openSUSE-SU-2012:0934", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html" }, { "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=284de253b1561b976291ba7405acd71ae71ff597;hb=refs/heads/libpng10", "refsource": "MISC", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=284de253b1561b976291ba7405acd71ae71ff597;hb=refs/heads/libpng10" }, { "name": 
"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;hb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8", "refsource": "MISC", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;hb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8" }, { "name": "USN-2815-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2815-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3425", "datePublished": "2012-08-13T20:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:05:12.386Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8126 (GCVE-0-2015-8126)
Vulnerability from cvelistv5
Published
2015-11-13 02:00
Modified
2024-08-06 08:13
CWE
- n/a
Summary
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:13:31.073Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2016-03-21-5", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "name": "openSUSE-SU-2016:0664", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html" }, { "name": "openSUSE-SU-2016:0103", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html" }, { "name": "openSUSE-SU-2016:0684", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT206167" }, { "name": "openSUSE-SU-2015:2135", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html" }, { "name": "openSUSE-SU-2015:2136", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html" }, { "name": "77568", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/77568" }, { "name": "openSUSE-SU-2016:0272", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "FEDORA-2015-5e52306c9c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html" }, { "name": "FEDORA-2015-ec2ddd15d7", "tags": [ "vendor-advisory", 
"x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html" }, { "name": "GLSA-201611-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201611-08" }, { "name": "openSUSE-SU-2016:0279", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "DSA-3507", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3507" }, { "name": "FEDORA-2015-501493d853", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html" }, { "name": "1034142", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034142" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "FEDORA-2015-1d87313b7c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html" }, { "name": "DSA-3399", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3399" }, { "name": "RHSA-2015:2595", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html" }, { "name": "RHSA-2015:2596", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html" }, { "name": "openSUSE-SU-2015:2262", "tags": [ 
"vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html" }, { "name": "FEDORA-2015-8a1243db75", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html" }, { "name": "FEDORA-2015-13668fff74", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "openSUSE-SU-2016:0270", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10148" }, { "name": "openSUSE-SU-2015:2100", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html" }, { "name": "[oss-security] 20151112 CVE request: libpng buffer overflow in png_set_PLTE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/12/2" }, { "name": "SUSE-SU-2016:0269", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "openSUSE-SU-2016:0105", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html" }, { "name": "FEDORA-2015-97fc1797fa", "tags": [ 
"vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html" }, { "name": "openSUSE-SU-2016:0729", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html" }, { "name": "openSUSE-SU-2016:0263", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "FEDORA-2016-43735c33a7", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html" }, { "name": "SUSE-SU-2016:0665", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html" }, { "name": "GLSA-201603-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-09" }, { "name": "FEDORA-2016-9a1c707b10", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html" }, { "name": "openSUSE-SU-2015:2263", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html" }, { "name": "RHSA-2016:0057", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "FEDORA-2015-c80ec85542", 
"tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html" }, { "name": "openSUSE-SU-2015:2099", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html" }, { "name": "USN-2815-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2815-1" }, { "name": "RHSA-2016:0056", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "FEDORA-2015-4ad4998d00", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html" }, { "name": "RHSA-2015:2594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html" }, { "name": "FEDORA-2015-233750b6ab", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://code.google.com/p/chromium/issues/detail?id=560291" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html" }, { "name": "SUSE-SU-2016:0265", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" }, { "name": "openSUSE-SU-2016:0104", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": 
"http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2016-03-21-5", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "name": "openSUSE-SU-2016:0664", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html" }, { "name": "openSUSE-SU-2016:0103", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html" }, { "name": "openSUSE-SU-2016:0684", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT206167" }, { "name": "openSUSE-SU-2015:2135", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html" }, { "name": "openSUSE-SU-2015:2136", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html" }, { "name": "77568", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/77568" }, { "name": "openSUSE-SU-2016:0272", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "FEDORA-2015-5e52306c9c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html" }, { "name": "FEDORA-2015-ec2ddd15d7", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html" }, { "name": "GLSA-201611-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201611-08" }, { "name": "openSUSE-SU-2016:0279", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "DSA-3507", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3507" }, { "name": "FEDORA-2015-501493d853", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html" }, { "name": "1034142", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034142" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "FEDORA-2015-1d87313b7c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html" }, { "name": "DSA-3399", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" 
], "url": "http://www.debian.org/security/2015/dsa-3399" }, { "name": "RHSA-2015:2595", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html" }, { "name": "RHSA-2015:2596", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html" }, { "name": "openSUSE-SU-2015:2262", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html" }, { "name": "FEDORA-2015-8a1243db75", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html" }, { "name": "FEDORA-2015-13668fff74", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "openSUSE-SU-2016:0270", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10148" }, { "name": "openSUSE-SU-2015:2100", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html" }, { "name": "[oss-security] 20151112 CVE request: libpng buffer overflow in png_set_PLTE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/12/2" }, { "name": "SUSE-SU-2016:0269", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": 
"openSUSE-SU-2016:0105", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html" }, { "name": "FEDORA-2015-97fc1797fa", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html" }, { "name": "openSUSE-SU-2016:0729", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html" }, { "name": "openSUSE-SU-2016:0263", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "FEDORA-2016-43735c33a7", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html" }, { "name": "SUSE-SU-2016:0665", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html" }, { "name": "GLSA-201603-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-09" }, { "name": "FEDORA-2016-9a1c707b10", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html" }, { "name": "openSUSE-SU-2015:2263", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html" }, { "name": "RHSA-2016:0057", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": 
"FEDORA-2015-c80ec85542", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html" }, { "name": "openSUSE-SU-2015:2099", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html" }, { "name": "USN-2815-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2815-1" }, { "name": "RHSA-2016:0056", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "FEDORA-2015-4ad4998d00", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html" }, { "name": "RHSA-2015:2594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html" }, { "name": "FEDORA-2015-233750b6ab", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://code.google.com/p/chromium/issues/detail?id=560291" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html" }, { "name": "SUSE-SU-2016:0265", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" }, { "name": "openSUSE-SU-2016:0104", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8126", "STATE": "PUBLIC" }, "affects": { 
"vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2016-03-21-5", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "name": "openSUSE-SU-2016:0664", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html" }, { "name": "openSUSE-SU-2016:0103", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html" }, { "name": "openSUSE-SU-2016:0684", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html" }, { "name": "https://support.apple.com/HT206167", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206167" }, { "name": "openSUSE-SU-2015:2135", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html" }, { "name": "openSUSE-SU-2015:2136", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html" }, { "name": "77568", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77568" }, { "name": "openSUSE-SU-2016:0272", "refsource": "SUSE", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "FEDORA-2015-5e52306c9c", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html" }, { "name": "FEDORA-2015-ec2ddd15d7", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html" }, { "name": "GLSA-201611-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201611-08" }, { "name": "openSUSE-SU-2016:0279", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "DSA-3507", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3507" }, { "name": "FEDORA-2015-501493d853", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html" }, { "name": "1034142", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034142" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "FEDORA-2015-1d87313b7c", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html" }, { "name": "DSA-3399", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3399" }, { "name": "RHSA-2015:2595", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html" }, { "name": "RHSA-2015:2596", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html" }, { "name": "openSUSE-SU-2015:2262", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html" }, { "name": "FEDORA-2015-8a1243db75", "refsource": "FEDORA", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html" }, { "name": "FEDORA-2015-13668fff74", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "openSUSE-SU-2016:0270", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10148", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10148" }, { "name": "openSUSE-SU-2015:2100", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html" }, { "name": "[oss-security] 20151112 CVE request: libpng buffer overflow in png_set_PLTE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/12/2" }, { "name": "SUSE-SU-2016:0269", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "openSUSE-SU-2016:0105", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html" }, { "name": "FEDORA-2015-97fc1797fa", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html" }, { "name": "openSUSE-SU-2016:0729", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html" }, { "name": "openSUSE-SU-2016:0263", "refsource": "SUSE", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "FEDORA-2016-43735c33a7", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html" }, { "name": "SUSE-SU-2016:0665", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html" }, { "name": "GLSA-201603-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-09" }, { "name": "FEDORA-2016-9a1c707b10", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html" }, { "name": "openSUSE-SU-2015:2263", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html" }, { "name": "RHSA-2016:0057", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "FEDORA-2015-c80ec85542", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html" }, { "name": "openSUSE-SU-2015:2099", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html" }, { "name": "USN-2815-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2815-1" }, { "name": "RHSA-2016:0056", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "FEDORA-2015-4ad4998d00", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html" }, { "name": "RHSA-2015:2594", "refsource": "REDHAT", "url": 
"http://rhn.redhat.com/errata/RHSA-2015-2594.html" }, { "name": "FEDORA-2015-233750b6ab", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html" }, { "name": "https://code.google.com/p/chromium/issues/detail?id=560291", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=560291" }, { "name": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html" }, { "name": "SUSE-SU-2016:0265", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" }, { "name": "openSUSE-SU-2016:0104", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8126", "datePublished": "2015-11-13T02:00:00", "dateReserved": "2015-11-12T00:00:00", "dateUpdated": "2024-08-06T08:13:31.073Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-3048 (GCVE-0-2011-3048)
Vulnerability from cvelistv5
Published
2012-05-29 20:00
Modified
2024-08-06 23:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
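The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. Note: the CNA "affected" entry in the record below gives product and version as "n/a", so the version ranges appear only in this description; tooling that relies on the structured fields alone may miss them.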
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:22:27.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49660" }, { "name": "48983", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48983" }, { "name": "RHSA-2012:0523", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0523.html" }, { "name": "libpng-pngsettext2-code-execution(74494)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74494" }, { "name": "APPLE-SA-2012-09-19-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5503" }, { "name": "52830", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52830" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt" }, { "name": "DSA-2446", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2446" }, { "name": "GLSA-201206-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "name": "MDVSA-2012:046", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:046" }, { "name": "48587", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48587" }, { "tags": [ 
"x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "80822", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/80822" }, { "name": "FEDORA-2012-5526", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077472.html" }, { "name": "48644", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48644" }, { "name": "FEDORA-2012-5079", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html" }, { "name": "APPLE-SA-2012-09-19-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5501" }, { "name": "FEDORA-2012-5515", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html" }, { "name": "FEDORA-2012-5080", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077043.html" }, { "name": "1026879", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026879" }, { "name": "FEDORA-2012-5518", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html" }, { "name": "48665", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48665" }, { "name": "FEDORA-2012-4902", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], 
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html" }, { "name": "48721", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48721" }, { "name": "USN-1417-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-1417-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-28T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "49660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49660" }, { "name": "48983", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48983" }, { "name": "RHSA-2012:0523", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0523.html" }, { "name": "libpng-pngsettext2-code-execution(74494)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74494" }, { "name": "APPLE-SA-2012-09-19-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5503" }, { "name": "52830", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52830" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt" }, { "name": "DSA-2446", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2446" }, { "name": "GLSA-201206-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "name": "MDVSA-2012:046", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:046" }, { "name": "48587", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48587" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "80822", "tags": [ "vdb-entry", 
"x_refsource_OSVDB" ], "url": "http://www.osvdb.org/80822" }, { "name": "FEDORA-2012-5526", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077472.html" }, { "name": "48644", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48644" }, { "name": "FEDORA-2012-5079", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html" }, { "name": "APPLE-SA-2012-09-19-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5501" }, { "name": "FEDORA-2012-5515", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html" }, { "name": "FEDORA-2012-5080", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077043.html" }, { "name": "1026879", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026879" }, { "name": "FEDORA-2012-5518", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html" }, { "name": "48665", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48665" }, { "name": "FEDORA-2012-4902", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html" }, { "name": "48721", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48721" }, { "name": "USN-1417-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-1417-1" } ], 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3048", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "49660", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49660" }, { "name": "48983", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48983" }, { "name": "RHSA-2012:0523", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0523.html" }, { "name": "libpng-pngsettext2-code-execution(74494)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74494" }, { "name": "APPLE-SA-2012-09-19-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" }, { "name": "http://support.apple.com/kb/HT5503", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5503" }, { "name": "52830", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52830" }, { "name": "http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt", "refsource": "CONFIRM", "url": "http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt" }, { "name": "DSA-2446", "refsource": "DEBIAN", "url": 
"http://www.debian.org/security/2012/dsa-2446" }, { "name": "GLSA-201206-15", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "name": "MDVSA-2012:046", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:046" }, { "name": "48587", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48587" }, { "name": "http://www.libpng.org/pub/png/libpng.html", "refsource": "CONFIRM", "url": "http://www.libpng.org/pub/png/libpng.html" }, { "name": "80822", "refsource": "OSVDB", "url": "http://www.osvdb.org/80822" }, { "name": "FEDORA-2012-5526", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077472.html" }, { "name": "48644", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48644" }, { "name": "FEDORA-2012-5079", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html" }, { "name": "APPLE-SA-2012-09-19-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" }, { "name": "http://support.apple.com/kb/HT5501", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5501" }, { "name": "FEDORA-2012-5515", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html" }, { "name": "FEDORA-2012-5080", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077043.html" }, { "name": "1026879", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026879" }, { "name": "FEDORA-2012-5518", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html" }, { "name": "48665", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48665" }, { "name": "FEDORA-2012-4902", "refsource": "FEDORA", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html" }, { "name": "48721", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48721" }, { "name": "USN-1417-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-1417-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3048", "datePublished": "2012-05-29T20:00:00", "dateReserved": "2011-08-09T00:00:00", "dateUpdated": "2024-08-06T23:22:27.083Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-3464 (GCVE-0-2011-3464)
Vulnerability from cvelistv5
Published
2012-07-22 17:00
Modified
2024-08-06 23:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
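Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow. Note: the CNA "affected" entry in the record below gives product and version as "n/a", so the affected version range appears only in this description; tooling that relies on the structured fields alone may miss it.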
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:37:47.809Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49660" }, { "name": "47827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47827" }, { "name": "GLSA-201206-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.libpng.org/pub/png/libpng.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-07-25T09:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "name": "49660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49660" }, { "name": "47827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47827" }, { "name": "GLSA-201206-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.libpng.org/pub/png/libpng.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2011-3464", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "49660", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49660" }, { "name": "47827", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47827" }, { "name": "GLSA-201206-15", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "name": "http://www.libpng.org/pub/png/libpng.html", "refsource": "CONFIRM", "url": "http://www.libpng.org/pub/png/libpng.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2011-3464", "datePublished": "2012-07-22T17:00:00", "dateReserved": "2011-09-13T00:00:00", "dateUpdated": "2024-08-06T23:37:47.809Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-5266 (GCVE-0-2007-5266)
Vulnerability from cvelistv5
Published
2007-10-08 21:00
Modified
2024-08-07 15:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
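Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated. Note: the CNA "affected" entry in the record below gives product and version as "n/a", so the version ranges appear only in this description; tooling that relies on the structured fields alone may miss them.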
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:24:42.345Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1814" }, { "name": "MDKSA-2007:217", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217" }, { "name": "35386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35386" }, { "name": "[png-mng-implement] 20070911 FW: Suspicious `sizeof\u0027 line 694 of pngset.c", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=5122753600C3E94F87FBDFFCC090D1FF0400EA68%40MERCMBX07.na.sas.com\u0026forum_name=png-mng-implement" }, { "name": "1020521", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "name": "ADV-2009-1560", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "ADV-2009-1462", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195261" }, { "name": "27529", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27529" }, { "name": "27746", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27746" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "name": "259989", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", 
"x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35302" }, { "name": "ADV-2008-0924", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "name": "TA08-150A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "29420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29420" }, { "name": "APPLE-SA-2008-03-18", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "27284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27284" }, { "name": "30430", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30430" }, { "name": "APPLE-SA-2008-05-28", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "name": "30161", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30161" }, { "name": "GLSA-200805-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "name": "[png-mng-implement] 20070914 libpng-1.0.29beta1 and libpng-1.2.21beta1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "name": "GLSA-200711-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml" }, { "name": "ADV-2008-1697", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "SSA:2007-325-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "name": "20071112 FLEA-2007-0065-1 libpng", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "25957", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25957" }, { "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" }, { "name": "27629", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27629" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 
allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1814" }, { "name": "MDKSA-2007:217", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217" }, { "name": "35386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35386" }, { "name": "[png-mng-implement] 20070911 FW: Suspicious `sizeof\u0027 line 694 of pngset.c", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=5122753600C3E94F87FBDFFCC090D1FF0400EA68%40MERCMBX07.na.sas.com\u0026forum_name=png-mng-implement" }, { "name": "1020521", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "name": "ADV-2009-1560", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "ADV-2009-1462", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195261" }, { "name": "27529", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27529" }, { "name": "27746", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27746" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "name": "259989", "tags": [ 
"vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35302" }, { "name": "ADV-2008-0924", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "name": "TA08-150A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "29420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29420" }, { "name": "APPLE-SA-2008-03-18", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "27284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27284" }, { "name": "30430", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30430" }, { "name": "APPLE-SA-2008-05-28", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "name": "30161", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30161" }, { "name": "GLSA-200805-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "name": "[png-mng-implement] 20070914 libpng-1.0.29beta1 and libpng-1.2.21beta1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://docs.info.apple.com/article.html?artnum=307562" }, { "name": "GLSA-200711-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml" }, { "name": "ADV-2008-1697", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "SSA:2007-325-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "name": "20071112 FLEA-2007-0065-1 libpng", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "25957", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25957" }, { "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" }, { "name": "27629", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27629" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5266", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from 
being NULL terminated." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://issues.rpath.com/browse/RPL-1814", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1814" }, { "name": "MDKSA-2007:217", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217" }, { "name": "35386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35386" }, { "name": "[png-mng-implement] 20070911 FW: Suspicious `sizeof\u0027 line 694 of pngset.c", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=5122753600C3E94F87FBDFFCC090D1FF0400EA68%40MERCMBX07.na.sas.com\u0026forum_name=png-mng-implement" }, { "name": "1020521", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "name": "ADV-2009-1560", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "ADV-2009-1462", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=195261", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=195261" }, { "name": "27529", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27529" }, { "name": "27746", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27746" }, { "name": "http://www.coresecurity.com/?action=item\u0026id=2148", "refsource": "MISC", "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "name": "259989", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35302" }, { "name": "ADV-2008-0924", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "name": "TA08-150A", "refsource": 
"CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "29420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29420" }, { "name": "APPLE-SA-2008-03-18", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "name": "27284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27284" }, { "name": "30430", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30430" }, { "name": "APPLE-SA-2008-05-28", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html", "refsource": "CONFIRM", "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "name": "30161", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30161" }, { "name": "GLSA-200805-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "name": "[png-mng-implement] 20070914 libpng-1.0.29beta1 and libpng-1.2.21beta1", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com" }, { "name": "http://docs.info.apple.com/article.html?artnum=307562", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "name": "GLSA-200711-08", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml" }, { "name": "ADV-2008-1697", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "SSA:2007-325-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "name": "20071112 FLEA-2007-0065-1 libpng", "refsource": "BUGTRAQ", "url": 
"http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "25957", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25957" }, { "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" }, { "name": "27629", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27629" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5266", "datePublished": "2007-10-08T21:00:00", "dateReserved": "2007-10-08T00:00:00", "dateUpdated": "2024-08-07T15:24:42.345Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8540 (GCVE-0-2015-8540)
Vulnerability from cvelistv5
Published
2016-04-14 14:00
Modified
2024-08-06 08:20
CWE
- n/a
Summary
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:42.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/" }, { "name": "GLSA-201611-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201611-08" }, { "name": "[oss-security] 20151211 Re: Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/11/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "[oss-security] 20151210 CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/10/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/" }, { "name": "[oss-security] 20151211 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/11/1" }, { "name": "[oss-security] 20151210 Re: CVE 
request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/10/7" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/" }, { "name": "DSA-3443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3443" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/p/libpng/bugs/244/" }, { "name": "80592", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/80592" }, { "name": "[oss-security] 20151217 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/17/10" }, { "name": "FEDORA-2015-3868cfa17b", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" } ], "title": "CVE Program Container" } ], 
"cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-29T14:06:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/" }, { "name": "GLSA-201611-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201611-08" }, { "name": "[oss-security] 20151211 Re: Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/11/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "[oss-security] 20151210 CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/10/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/" }, { "name": "[oss-security] 20151211 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/11/1" }, { "name": "[oss-security] 20151210 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/10/7" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/" }, { "name": "DSA-3443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3443" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/p/libpng/bugs/244/" }, { "name": "80592", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/80592" }, { "name": "[oss-security] 20151217 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/17/10" }, { "name": "FEDORA-2015-3868cfa17b", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 
opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8540", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/", "refsource": "CONFIRM", "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/" }, { "name": "GLSA-201611-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201611-08" }, { "name": "[oss-security] 20151211 Re: Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/11/2" }, { "name": "http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/", "refsource": "CONFIRM", "url": "http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/" }, { "name": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/", "refsource": "CONFIRM", "url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/" }, { "name": "RHSA-2016:1430", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "[oss-security] 20151210 CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/10/6" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/", "refsource": "CONFIRM", "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/" }, { "name": "[oss-security] 20151211 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/11/1" }, { "name": "[oss-security] 20151210 Re: CVE 
request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/10/7" }, { "name": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/", "refsource": "CONFIRM", "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/" }, { "name": "DSA-3443", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3443" }, { "name": "http://sourceforge.net/p/libpng/bugs/244/", "refsource": "CONFIRM", "url": "http://sourceforge.net/p/libpng/bugs/244/" }, { "name": "80592", "refsource": "BID", "url": "http://www.securityfocus.com/bid/80592" }, { "name": "[oss-security] 20151217 Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/17/10" }, { "name": "FEDORA-2015-3868cfa17b", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8540", "datePublished": "2016-04-14T14:00:00", "dateReserved": "2015-12-10T00:00:00", "dateUpdated": "2024-08-06T08:20:42.512Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-14048 (GCVE-0-2018-14048)
Vulnerability from cvelistv5
Published
2018-07-13 16:00
Modified
2024-08-05 09:21
CWE
- n/a
Summary
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:21:40.889Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fouzhe/security/tree/master/libpng" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/glennrp/libpng/issues/238" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "name": "20190417 [slackware-security] libpng (SSA:2019-107-01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Apr/30" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html" }, { "name": "GLSA-201908-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201908-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-03T12:06:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fouzhe/security/tree/master/libpng" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/glennrp/libpng/issues/238" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "name": "20190417 [slackware-security] libpng (SSA:2019-107-01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Apr/30" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html" }, { "name": "GLSA-201908-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201908-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14048", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fouzhe/security/tree/master/libpng", "refsource": "MISC", "url": "https://github.com/fouzhe/security/tree/master/libpng" }, { "name": "https://github.com/glennrp/libpng/issues/238", "refsource": "MISC", "url": "https://github.com/glennrp/libpng/issues/238" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "name": "20190417 [slackware-security] libpng (SSA:2019-107-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/30" }, { "name": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html" }, { "name": "GLSA-201908-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14048", "datePublished": "2018-07-13T16:00:00", "dateReserved": "2018-07-13T00:00:00", "dateUpdated": "2024-08-05T09:21:40.889Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7981 (GCVE-0-2015-7981)
Vulnerability from cvelistv5
Published
2015-11-24 20:00
Modified
2024-08-06 08:06
CWE
- n/a
Summary
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:06:31.465Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "77304", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/77304" }, { "name": "[oss-security] 20151026 CVE Requests for read out of bound in libpng", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/10/26/1" }, { "name": "openSUSE-SU-2015:2136", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.64/" }, { "name": "FEDORA-2015-ec2ddd15d7", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html" }, { "name": "GLSA-201611-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201611-08" }, { "name": "[oss-security] 20151026 Re: CVE Requests for read out of bound in libpng", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/10/26/3" }, { "name": "FEDORA-2015-501493d853", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.54/" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "FEDORA-2015-1d87313b7c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", 
"x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html" }, { "name": "DSA-3399", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3399" }, { "name": "RHSA-2015:2595", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.17/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "1034393", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034393" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/p/libpng/bugs/241/" }, { "name": "openSUSE-SU-2015:2099", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html" }, { "name": "USN-2815-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2815-1" }, { "name": "RHSA-2015:2594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-10-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive 
process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "77304", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/77304" }, { "name": "[oss-security] 20151026 CVE Requests for read out of bound in libpng", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/10/26/1" }, { "name": "openSUSE-SU-2015:2136", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.64/" }, { "name": "FEDORA-2015-ec2ddd15d7", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html" }, { "name": "GLSA-201611-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201611-08" }, { "name": "[oss-security] 20151026 Re: CVE Requests for read out of bound in libpng", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/10/26/3" }, { "name": "FEDORA-2015-501493d853", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.54/" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "FEDORA-2015-1d87313b7c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" 
], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html" }, { "name": "DSA-3399", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3399" }, { "name": "RHSA-2015:2595", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.17/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "1034393", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034393" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/p/libpng/bugs/241/" }, { "name": "openSUSE-SU-2015:2099", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html" }, { "name": "USN-2815-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2815-1" }, { "name": "RHSA-2015:2594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7981", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to 
obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "77304", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77304" }, { "name": "[oss-security] 20151026 CVE Requests for read out of bound in libpng", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/10/26/1" }, { "name": "openSUSE-SU-2015:2136", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html" }, { "name": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.64/", "refsource": "CONFIRM", "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.64/" }, { "name": "FEDORA-2015-ec2ddd15d7", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html" }, { "name": "GLSA-201611-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201611-08" }, { "name": "[oss-security] 20151026 Re: CVE Requests for read out of bound in libpng", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/10/26/3" }, { "name": "FEDORA-2015-501493d853", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html" }, { "name": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.54/", "refsource": "CONFIRM", "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.54/" }, { "name": "RHSA-2016:1430", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "FEDORA-2015-1d87313b7c", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html" }, { "name": "DSA-3399", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3399" }, { "name": 
"RHSA-2015:2595", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "name": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.17/", "refsource": "CONFIRM", "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.17/" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "1034393", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034393" }, { "name": "http://sourceforge.net/p/libpng/bugs/241/", "refsource": "CONFIRM", "url": "http://sourceforge.net/p/libpng/bugs/241/" }, { "name": "openSUSE-SU-2015:2099", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html" }, { "name": "USN-2815-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2815-1" }, { "name": "RHSA-2015:2594", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7981", "datePublished": "2015-11-24T20:00:00", "dateReserved": "2015-10-26T00:00:00", "dateUpdated": "2024-08-06T08:06:31.465Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-3751 (GCVE-0-2016-3751)
Vulnerability from cvelistv5
Published
2016-07-11 01:00
Modified
2024-08-06 00:03
CWE
- n/a
Summary
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:03:34.421Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca" }, { "name": "[oss-security] 20160709 Re: On anonymous CVE assignments", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/09/4" }, { "tags": [ "x_transferred" ], "url": "http://source.android.com/security/bulletin/2016-07-01.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240719-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-19T13:06:15.775280", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca" }, { "name": "[oss-security] 20160709 Re: On anonymous CVE assignments", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/09/4" }, { "url": "http://source.android.com/security/bulletin/2016-07-01.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240719-0004/" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-3751", "datePublished": "2016-07-11T01:00:00", "dateReserved": "2016-03-30T00:00:00", "dateUpdated": "2024-08-06T00:03:34.421Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-3045 (GCVE-0-2011-3045)
Vulnerability from cvelistv5
Published
2012-03-22 16:00
Modified
2025-06-09 15:35
CWE
- n/a in the CNA record; the CISA-ADP container assigns CWE-195 Signed to Unsigned Conversion Error
Summary
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:22:27.386Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2012-3545", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html" }, { "name": "49660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49660" }, { "name": "RHSA-2012:0407", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0407.html" }, { "name": "MDVSA-2012:033", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:033" }, { "name": "FEDORA-2012-3507", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html" }, { "name": "DSA-2439", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2439" }, { "name": "FEDORA-2012-3605", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html" }, { "name": "48320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48320" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=125311" }, { "name": "FEDORA-2012-3739", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html" }, { "name": "FEDORA-2012-3536", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html" }, { "name": "openSUSE-SU-2012:0466", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html" }, { "name": "GLSA-201206-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "oval:org.mitre.oval:def:14763", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=799000" }, { "name": "48485", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48485" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b" }, { "name": "48554", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48554" }, { "name": "openSUSE-SU-2012:0432", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.google.com/p/chromium/issues/detail?id=116162" }, { "name": "1026823", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026823" }, 
{ "name": "FEDORA-2012-3705", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html" }, { "name": "48512", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48512" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2011-3045", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-06-09T15:35:38.664911Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-195", "description": "CWE-195 Signed to Unsigned Conversion Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-09T15:35:52.219Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-21T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FEDORA-2012-3545", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html" }, { "name": "49660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49660" }, { "name": "RHSA-2012:0407", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0407.html" }, { "name": "MDVSA-2012:033", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:033" }, { "name": "FEDORA-2012-3507", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html" }, { "name": "DSA-2439", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2439" }, { "name": "FEDORA-2012-3605", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html" }, { "name": "48320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48320" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=125311" }, { "name": "FEDORA-2012-3739", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html" }, { "name": "FEDORA-2012-3536", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html" }, { "name": "openSUSE-SU-2012:0466", "tags": [ 
"vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html" }, { "name": "GLSA-201206-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "oval:org.mitre.oval:def:14763", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=799000" }, { "name": "48485", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48485" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b" }, { "name": "48554", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48554" }, { "name": "openSUSE-SU-2012:0432", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.google.com/p/chromium/issues/detail?id=116162" }, { "name": "1026823", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026823" }, { "name": "FEDORA-2012-3705", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html" }, { "name": "48512", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48512" } ], "x_legacyV4Record": { 
"CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3045", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2012-3545", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html" }, { "name": "49660", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49660" }, { "name": "RHSA-2012:0407", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0407.html" }, { "name": "MDVSA-2012:033", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:033" }, { "name": "FEDORA-2012-3507", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html" }, { "name": "DSA-2439", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2439" }, { "name": "FEDORA-2012-3605", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html" }, { "name": "48320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48320" }, { "name": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=125311", "refsource": "CONFIRM", "url": 
"http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=125311" }, { "name": "FEDORA-2012-3739", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html" }, { "name": "FEDORA-2012-3536", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html" }, { "name": "openSUSE-SU-2012:0466", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html" }, { "name": "GLSA-201206-15", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "name": "RHSA-2012:0488", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "oval:org.mitre.oval:def:14763", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=799000", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=799000" }, { "name": "48485", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48485" }, { "name": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html" }, { "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b", "refsource": "CONFIRM", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b" }, { "name": "48554", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48554" }, { "name": "openSUSE-SU-2012:0432", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html" }, { "name": "http://code.google.com/p/chromium/issues/detail?id=116162", "refsource": "CONFIRM", "url": 
"http://code.google.com/p/chromium/issues/detail?id=116162" }, { "name": "1026823", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026823" }, { "name": "FEDORA-2012-3705", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html" }, { "name": "48512", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48512" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3045", "datePublished": "2012-03-22T16:00:00.000Z", "dateReserved": "2011-08-09T00:00:00.000Z", "dateUpdated": "2025-06-09T15:35:52.219Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-0408 (GCVE-0-2011-0408)
Vulnerability from cvelistv5
Published
2011-01-18 17:00
Modified
2024-08-06 21:51
CWE
- n/a
Summary
pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:51:08.955Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "42863", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42863" }, { "name": "70417", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/70417" }, { "name": "VU#643140", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/643140" }, { "name": "libpng-pngsetrgbtogray-bo(64637)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64637" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-README.txt" }, { "name": "1024955", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1024955" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-1.5.0-diff.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org\u0026forum_name=png-mng-implement" }, { "name": "ADV-2011-0080", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0080" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-01-08T00:00:00", "descriptions": [ { "lang": "en", "value": "pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer 
overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "42863", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42863" }, { "name": "70417", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/70417" }, { "name": "VU#643140", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/643140" }, { "name": "libpng-pngsetrgbtogray-bo(64637)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64637" }, { "tags": [ "x_refsource_MISC" ], "url": "ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-README.txt" }, { "name": "1024955", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1024955" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-1.5.0-diff.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org\u0026forum_name=png-mng-implement" }, { "name": "ADV-2011-0080", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0080" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2011-0408", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", 
"data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "42863", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42863" }, { "name": "70417", "refsource": "OSVDB", "url": "http://osvdb.org/70417" }, { "name": "VU#643140", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/643140" }, { "name": "libpng-pngsetrgbtogray-bo(64637)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64637" }, { "name": "ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-README.txt", "refsource": "MISC", "url": "ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-README.txt" }, { "name": "1024955", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1024955" }, { "name": "ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-1.5.0-diff.txt", "refsource": "CONFIRM", "url": "ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-1.5.0-diff.txt" }, { "name": "http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org\u0026forum_name=png-mng-implement", "refsource": "CONFIRM", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org\u0026forum_name=png-mng-implement" }, { "name": "ADV-2011-0080", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0080" } ] } } } 
}, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2011-0408", "datePublished": "2011-01-18T17:00:00", "dateReserved": "2011-01-11T00:00:00", "dateUpdated": "2024-08-06T21:51:08.955Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-6129 (GCVE-0-2019-6129)
Vulnerability from cvelistv5
Published
2019-01-11 05:00
Modified
2024-08-04 20:16
CWE
- n/a
Summary
** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:16:24.413Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/glennrp/libpng/issues/269" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-01-10T00:00:00", "descriptions": [ { "lang": "en", "value": "png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated \"I don\u0027t think it is libpng\u0027s job to free this buffer." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-03T02:52:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/glennrp/libpng/issues/269" }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6129", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. 
NOTE: a third party has stated \"I don\u0027t think it is libpng\u0027s job to free this buffer.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/glennrp/libpng/issues/269", "refsource": "MISC", "url": "https://github.com/glennrp/libpng/issues/269" }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-6129", "datePublished": "2019-01-11T05:00:00", "dateReserved": "2019-01-10T00:00:00", "dateUpdated": "2024-08-04T20:16:24.413Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-5907 (GCVE-0-2008-5907)
Vulnerability from cvelistv5
Published
2009-01-15 17:00
Modified
2024-08-07 11:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:13:13.503Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libpng.sourceforge.net/index.html" }, { "name": "GLSA-200903-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200903-28.xml" }, { "name": "libpng-pngcheckkeyword-memory-corruption(48128)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48128" }, { "name": "SUSE-SR:2009:003", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" }, { "name": "34388", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34388" }, { "name": "DSA-1750", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1750" }, { "name": "[oss-security] 20090109 libpng non issue", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2009/01/09/1" }, { "name": "MDVSA-2009:051", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:051" }, { "name": "34320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34320" }, { "name": "[png-mng-implement] 20081126 Memory overwriting bug in png_check_keyword()", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local\u0026forum_name=png-mng-implement" } ], "title": "CVE Program Container" } ], "cna": { 
"affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-12-18T00:00:00", "descriptions": [ { "lang": "en", "value": "The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the \u0027\\0\u0027 character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libpng.sourceforge.net/index.html" }, { "name": "GLSA-200903-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200903-28.xml" }, { "name": "libpng-pngcheckkeyword-memory-corruption(48128)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48128" }, { "name": "SUSE-SR:2009:003", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" }, { "name": "34388", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34388" }, { "name": "DSA-1750", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1750" }, { "name": "[oss-security] 20090109 libpng non issue", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2009/01/09/1" }, { "name": "MDVSA-2009:051", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:051" }, { "name": "34320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34320" }, { "name": "[png-mng-implement] 20081126 Memory overwriting bug in png_check_keyword()", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local\u0026forum_name=png-mng-implement" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5907", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the \u0027\\0\u0027 character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://libpng.sourceforge.net/index.html", "refsource": "CONFIRM", "url": "http://libpng.sourceforge.net/index.html" }, { "name": "GLSA-200903-28", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200903-28.xml" }, { "name": "libpng-pngcheckkeyword-memory-corruption(48128)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48128" }, { "name": "SUSE-SR:2009:003", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" }, { "name": "34388", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34388" }, { "name": "DSA-1750", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1750" }, { "name": "[oss-security] 20090109 libpng non issue", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2009/01/09/1" }, { "name": "MDVSA-2009:051", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:051" }, { "name": "34320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34320" }, { "name": "[png-mng-implement] 20081126 Memory overwriting bug in png_check_keyword()", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local\u0026forum_name=png-mng-implement" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5907", "datePublished": "2009-01-15T17:00:00", "dateReserved": "2009-01-15T00:00:00", "dateUpdated": "2024-08-07T11:13:13.503Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-0040 (GCVE-0-2009-0040)
Vulnerability from cvelistv5
Published
2009-02-22 22:00
Modified
2024-08-07 04:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:17:10.449Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2009:0315", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0315.html" }, { "name": "SUSE-SA:2009:023", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3757" }, { "name": "SUSE-SA:2009:012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html" }, { "name": "GLSA-200903-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200903-28.xml" }, { "name": "RHSA-2009:0333", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0333.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3639" }, { "name": "35386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35386" }, { "name": "GLSA-201209-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" }, { "name": "DSA-1830", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1830" }, { "name": "ADV-2009-0632", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0632" }, { "name": "ADV-2009-1621", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": 
"http://www.vupen.com/english/advisories/2009/1621" }, { "name": "RHSA-2009:0340", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0340.html" }, { "name": "1020521", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3549" }, { "name": "ADV-2009-1560", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "oval:org.mitre.oval:def:10316", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316" }, { "name": "ADV-2009-0469", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0469" }, { "name": "34388", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34388" }, { "name": "ADV-2009-1462", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "name": "SSA:2009-083-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.405420" }, { "name": "APPLE-SA-2009-06-08-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" }, { "name": "36096", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36096" }, { "name": "[png-mng-implement] 20090219 libpng-1.2.35 and libpng-1.0.43 fix security vulnerability", "tags": [ "mailing-list", 
"x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html" }, { "name": "RHSA-2009:0325", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0325.html" }, { "name": "259989", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35302" }, { "name": "33976", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33976" }, { "name": "35074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35074" }, { "name": "libpng-pointer-arrays-code-execution(48819)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48819" }, { "name": "ADV-2009-1522", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1522" }, { "name": "34140", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34140" }, { "name": "ADV-2009-1451", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1451" }, { "name": "APPLE-SA-2009-06-17-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" }, { "name": "FEDORA-2009-2045", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": 
"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html" }, { "name": "APPLE-SA-2009-05-12", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "name": "SUSE-SR:2009:005", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html" }, { "name": "MDVSA-2009:083", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:083" }, { "name": "34464", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34464" }, { "name": "34272", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34272" }, { "name": "34210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34210" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt" }, { "name": "APPLE-SA-2009-08-05-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html" }, { "name": "oval:org.mitre.oval:def:6458", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458" }, { "name": "34265", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34265" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0046" }, { "name": "34145", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/34145" }, { "name": "20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded" }, { "name": "35379", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35379" }, { "name": "ADV-2009-0473", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0473" }, { "name": "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "name": "34143", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34143" }, { "name": "FEDORA-2009-2882", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html" }, { "name": "DSA-1750", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1750" }, { "name": "FEDORA-2009-2884", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html" }, { "name": "SSA:2009-083-03", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.433952" }, { "name": "33970", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33970" }, { "name": "34137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/34137" }, { "name": "TA09-133A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "name": "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=1689\u0026release_id=662441" }, { "name": "34462", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34462" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm" }, { "name": "ADV-2009-1297", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "name": "FEDORA-2009-1976", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt" }, { "name": "VU#649212", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/649212" }, { "name": "34324", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34324" }, { "name": "20090312 rPSA-2009-0046-1 libpng", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/501767/100/0/threaded" }, { "name": "34152", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34152" }, { "name": 
"MDVSA-2009:075", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:075" }, { "name": "33990", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/33990" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3613" }, { "name": "35258", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35258" }, { "name": "33827", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/33827" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "ADV-2009-2172", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2172" }, { "name": "TA09-218A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html" }, { "name": "MDVSA-2009:051", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:051" }, { "name": "34320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34320" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/japple/css/japple?temp.documentID=366362\u0026temp.productID=154235\u0026temp.releaseID=361845\u0026temp.bucketID=126655\u0026PAGE=Document" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-02-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in 
pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2009:0315", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0315.html" }, { "name": "SUSE-SA:2009:023", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3757" }, { "name": "SUSE-SA:2009:012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html" }, { "name": "GLSA-200903-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200903-28.xml" }, { "name": "RHSA-2009:0333", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0333.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3639" }, { "name": "35386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35386" }, { "name": "GLSA-201209-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" }, { "name": "DSA-1830", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1830" }, { "name": "ADV-2009-0632", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], 
"url": "http://www.vupen.com/english/advisories/2009/0632" }, { "name": "ADV-2009-1621", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1621" }, { "name": "RHSA-2009:0340", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0340.html" }, { "name": "1020521", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3549" }, { "name": "ADV-2009-1560", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "name": "oval:org.mitre.oval:def:10316", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316" }, { "name": "ADV-2009-0469", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0469" }, { "name": "34388", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34388" }, { "name": "ADV-2009-1462", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "name": "SSA:2009-083-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.405420" }, { "name": "APPLE-SA-2009-06-08-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" }, { "name": "36096", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36096" }, { "name": "[png-mng-implement] 20090219 libpng-1.2.35 and libpng-1.0.43 fix security vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html" }, { "name": "RHSA-2009:0325", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0325.html" }, { "name": "259989", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "name": "35302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35302" }, { "name": "33976", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33976" }, { "name": "35074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35074" }, { "name": "libpng-pointer-arrays-code-execution(48819)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48819" }, { "name": "ADV-2009-1522", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1522" }, { "name": "34140", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34140" }, { "name": "ADV-2009-1451", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1451" }, { "name": "APPLE-SA-2009-06-17-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" }, { "name": "FEDORA-2009-2045", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html" }, { "name": "APPLE-SA-2009-05-12", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, 
{ "name": "SUSE-SR:2009:005", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html" }, { "name": "MDVSA-2009:083", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:083" }, { "name": "34464", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34464" }, { "name": "34272", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34272" }, { "name": "34210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34210" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt" }, { "name": "APPLE-SA-2009-08-05-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html" }, { "name": "oval:org.mitre.oval:def:6458", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458" }, { "name": "34265", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34265" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0046" }, { "name": "34145", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34145" }, { "name": "20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded" }, { "name": "35379", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35379" }, { "name": "ADV-2009-0473", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": 
"http://www.vupen.com/english/advisories/2009/0473" }, { "name": "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "name": "34143", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34143" }, { "name": "FEDORA-2009-2882", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html" }, { "name": "DSA-1750", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1750" }, { "name": "FEDORA-2009-2884", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html" }, { "name": "SSA:2009-083-03", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.433952" }, { "name": "33970", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33970" }, { "name": "34137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34137" }, { "name": "TA09-133A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "name": "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=1689\u0026release_id=662441" }, { "name": "34462", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34462" }, { "tags": 
[ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm" }, { "name": "ADV-2009-1297", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "name": "FEDORA-2009-1976", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt" }, { "name": "VU#649212", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/649212" }, { "name": "34324", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34324" }, { "name": "20090312 rPSA-2009-0046-1 libpng", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/501767/100/0/threaded" }, { "name": "34152", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34152" }, { "name": "MDVSA-2009:075", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:075" }, { "name": "33990", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/33990" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3613" }, { "name": "35258", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35258" }, { "name": "33827", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/33827" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "name": "ADV-2009-2172", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2172" }, { "name": "TA09-218A", "tags": [ "third-party-advisory", "x_refsource_CERT" 
], "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html" }, { "name": "MDVSA-2009:051", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:051" }, { "name": "34320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34320" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/japple/css/japple?temp.documentID=366362\u0026temp.productID=154235\u0026temp.releaseID=361845\u0026temp.bucketID=126655\u0026PAGE=Document" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-0040", "datePublished": "2009-02-22T22:00:00", "dateReserved": "2008-12-15T00:00:00", "dateUpdated": "2024-08-07T04:17:10.449Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-0973 (GCVE-0-2015-0973)
Vulnerability from cvelistv5
Published
2015-01-18 18:00
Modified
2025-06-09 15:25
CWE
- n/a
Summary
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:26:11.624Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2016-03-21-5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/HT206167" }, { "name": "[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available", "tags": [ "mailing-list", "x_transferred" ], "url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/" }, { "name": "[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/1" }, { "tags": [ "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "name": "[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/3" }, { "name": "62725", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://secunia.com/advisories/62725" }, { "tags": [ "x_transferred" ], "url": "http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240719-0005/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2015-0973", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { 
"Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-06-09T15:25:31.669215Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-09T15:25:54.990Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-18T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-19T13:06:22.903Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "APPLE-SA-2016-03-21-5", "tags": [ "vendor-advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "url": "https://support.apple.com/HT206167" }, { "name": "[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available", "tags": [ "mailing-list" ], "url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/" }, { "name": "[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/1" }, { "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "name": "[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow", "tags": [ 
"mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/3" }, { "name": "62725", "tags": [ "third-party-advisory" ], "url": "http://secunia.com/advisories/62725" }, { "url": "http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt" }, { "url": "https://security.netapp.com/advisory/ntap-20240719-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2015-0973", "datePublished": "2015-01-18T18:00:00.000Z", "dateReserved": "2015-01-10T00:00:00.000Z", "dateUpdated": "2025-06-09T15:25:54.990Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2017-01-30 22:59
Modified
2025-04-20 01:37
Summary
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/12/29/2 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/12/30/4 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/95157 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | ||
cve@mitre.org | https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | ||
cve@mitre.org | https://security.gentoo.org/glsa/201701-74 | ||
cve@mitre.org | https://usn.ubuntu.com/3712-1/ | ||
cve@mitre.org | https://usn.ubuntu.com/3712-2/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/12/29/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/12/30/4 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95157 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-74 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3712-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3712-2/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | 0.8 | |
libpng | libpng | 0.71 | |
libpng | libpng | 0.81 | |
libpng | libpng | 0.82 | |
libpng | libpng | 0.85 | |
libpng | libpng | 0.86 | |
libpng | libpng | 0.87 | |
libpng | libpng | 0.88 | |
libpng | libpng | 0.89 | |
libpng | libpng | 0.89c | |
libpng | libpng | 0.90 | |
libpng | libpng | 0.95 | |
libpng | libpng | 0.96 | |
libpng | libpng | 0.97 | |
libpng | libpng | 0.98 | |
libpng | libpng | 0.99 | |
libpng | libpng | 0.99a | |
libpng | libpng | 0.99b | |
libpng | libpng | 0.99c | |
libpng | libpng | 0.99d | |
libpng | libpng | 0.99e | |
libpng | libpng | 0.99f | |
libpng | libpng | 0.99g | |
libpng | libpng | 0.99h | |
libpng | libpng | 1.00 | |
libpng | libpng | 1.0.0 | |
libpng | libpng | 1.0.0a | |
libpng | libpng | 1.0.0b | |
libpng | libpng | 1.0.1 | |
libpng | libpng | 1.0.1a | |
libpng | libpng | 1.0.1b | |
libpng | libpng | 1.0.1c | |
libpng | libpng | 1.0.1d | |
libpng | libpng | 1.0.1e | |
libpng | libpng | 1.0.2 | |
libpng | libpng | 1.0.2a | |
libpng | libpng | 1.0.3 | |
libpng | libpng | 1.0.3a | |
libpng | libpng | 1.0.3b | |
libpng | libpng | 1.0.3d | |
libpng | libpng | 1.0.4 | |
libpng | libpng | 1.0.4a | |
libpng | libpng | 1.0.4b | |
libpng | libpng | 1.0.4c | |
libpng | libpng | 1.0.4d | |
libpng | libpng | 1.0.4e | |
libpng | libpng | 1.0.4f | |
libpng | libpng | 1.0.5 | |
libpng | libpng | 1.0.5a | |
libpng | libpng | 1.0.5b | |
libpng | libpng | 1.0.5c | |
libpng | libpng | 1.0.5d | |
libpng | libpng | 1.0.5e | |
libpng | libpng | 1.0.5f | |
libpng | libpng | 1.0.5g | |
libpng | libpng | 1.0.5h | |
libpng | libpng | 1.0.5i | |
libpng | libpng | 1.0.5j | |
libpng | libpng | 1.0.5k | |
libpng | libpng | 1.0.5l | |
libpng | libpng | 1.0.5m | |
libpng | libpng | 1.0.5n | |
libpng | libpng | 1.0.5o | |
libpng | libpng | 1.0.5p | |
libpng | libpng | 1.0.5q | |
libpng | libpng | 1.0.5r | |
libpng | libpng | 1.0.5s | |
libpng | libpng | 1.0.5t | |
libpng | libpng | 1.0.5u | |
libpng | libpng | 1.0.5v | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.6d | |
libpng | libpng | 1.0.6e | |
libpng | libpng | 1.0.6f | |
libpng | libpng | 1.0.6g | |
libpng | libpng | 1.0.6h | |
libpng | libpng | 1.0.6i | |
libpng | libpng | 1.0.6j | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.10 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.12 | |
libpng | libpng | 1.0.13 | |
libpng | libpng | 1.0.14 | |
libpng | libpng | 1.0.15 | |
libpng | libpng | 1.0.16 | |
libpng | libpng | 1.0.17 | |
libpng | libpng | 1.0.18 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.20 | |
libpng | libpng | 1.0.21 | |
libpng | libpng | 1.0.22 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.24 | |
libpng | libpng | 1.0.25 | |
libpng | libpng | 1.0.26 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.28 | |
libpng | libpng | 1.0.29 | |
libpng | libpng | 1.0.30 | |
libpng | libpng | 1.0.31 | |
libpng | libpng | 1.0.32 | |
libpng | libpng | 1.0.33 | |
libpng | libpng | 1.0.34 | |
libpng | libpng | 1.0.35 | |
libpng | libpng | 1.0.37 | |
libpng | libpng | 1.0.38 | |
libpng | libpng | 1.0.39 | |
libpng | libpng | 1.0.40 | |
libpng | libpng | 1.0.41 | |
libpng | libpng | 1.0.42 | |
libpng | libpng | 1.0.43 | |
libpng | libpng | 1.0.44 | |
libpng | libpng | 1.0.45 | |
libpng | libpng | 1.0.46 | |
libpng | libpng | 1.0.47 | |
libpng | libpng | 1.0.48 | |
libpng | libpng | 1.0.50 | |
libpng | libpng | 1.0.51 | |
libpng | libpng | 1.0.52 | |
libpng | libpng | 1.0.53 | |
libpng | libpng | 1.0.54 | |
libpng | libpng | 1.0.55 | |
libpng | libpng | 1.0.56 | |
libpng | libpng | 1.0.57 | |
libpng | libpng | 1.0.58 | |
libpng | libpng | 1.0.59 | |
libpng | libpng | 1.0.60 | |
libpng | libpng | 1.0.61 | |
libpng | libpng | 1.0.62 | |
libpng | libpng | 1.0.63 | |
libpng | libpng | 1.0.64 | |
libpng | libpng | 1.0.65 | |
libpng | libpng | 1.0.66 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.4 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.12 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.16 | |
libpng | libpng | 1.2.18 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.27 | |
libpng | libpng | 1.2.29 | |
libpng | libpng | 1.2.32 | |
libpng | libpng | 1.2.33 | |
libpng | libpng | 1.2.35 | |
libpng | libpng | 1.2.37 | |
libpng | libpng | 1.2.38 | |
libpng | libpng | 1.2.39 | |
libpng | libpng | 1.2.41 | |
libpng | libpng | 1.2.42 | |
libpng | libpng | 1.2.44 | |
libpng | libpng | 1.2.45 | |
libpng | libpng | 1.2.46 | |
libpng | libpng | 1.2.47 | |
libpng | libpng | 1.2.50 | |
libpng | libpng | 1.2.51 | |
libpng | libpng | 1.2.52 | |
libpng | libpng | 1.2.53 | |
libpng | libpng | 1.2.54 | |
libpng | libpng | 1.2.55 | |
libpng | libpng | 1.2.56 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.1 | |
libpng | libpng | 1.4.2 | |
libpng | libpng | 1.4.3 | |
libpng | libpng | 1.4.4 | |
libpng | libpng | 1.4.5 | |
libpng | libpng | 1.4.6 | |
libpng | libpng | 1.4.7 | |
libpng | libpng | 1.4.8 | |
libpng | libpng | 1.4.9 | |
libpng | libpng | 1.4.10 | |
libpng | libpng | 1.4.11 | |
libpng | libpng | 1.4.12 | |
libpng | libpng | 1.4.13 | |
libpng | libpng | 1.4.14 | |
libpng | libpng | 1.4.15 | |
libpng | libpng | 1.4.16 | |
libpng | libpng | 1.4.17 | |
libpng | libpng | 1.4.18 | |
libpng | libpng | 1.4.19 | |
libpng | libpng | 1.2.55 | |
libpng | libpng | 1.5.0 | |
libpng | libpng | 1.5.1 | |
libpng | libpng | 1.5.2 | |
libpng | libpng | 1.5.3 | |
libpng | libpng | 1.5.4 | |
libpng | libpng | 1.5.5 | |
libpng | libpng | 1.5.6 | |
libpng | libpng | 1.5.7 | |
libpng | libpng | 1.5.8 | |
libpng | libpng | 1.5.9 | |
libpng | libpng | 1.5.10 | |
libpng | libpng | 1.5.11 | |
libpng | libpng | 1.5.12 | |
libpng | libpng | 1.5.13 | |
libpng | libpng | 1.5.14 | |
libpng | libpng | 1.5.15 | |
libpng | libpng | 1.5.16 | |
libpng | libpng | 1.5.17 | |
libpng | libpng | 1.5.18 | |
libpng | libpng | 1.5.19 | |
libpng | libpng | 1.5.20 | |
libpng | libpng | 1.5.21 | |
libpng | libpng | 1.5.22 | |
libpng | libpng | 1.5.23 | |
libpng | libpng | 1.5.24 | |
libpng | libpng | 1.5.25 | |
libpng | libpng | 1.5.26 | |
libpng | libpng | 1.5.27 | |
libpng | libpng | 1.2.55 | |
libpng | libpng | 1.6.0 | |
libpng | libpng | 1.6.1 | |
libpng | libpng | 1.6.2 | |
libpng | libpng | 1.6.3 | |
libpng | libpng | 1.6.4 | |
libpng | libpng | 1.6.5 | |
libpng | libpng | 1.6.6 | |
libpng | libpng | 1.6.7 | |
libpng | libpng | 1.6.8 | |
libpng | libpng | 1.6.9 | |
libpng | libpng | 1.6.10 | |
libpng | libpng | 1.6.11 | |
libpng | libpng | 1.6.12 | |
libpng | libpng | 1.6.13 | |
libpng | libpng | 1.6.14 | |
libpng | libpng | 1.6.15 | |
libpng | libpng | 1.6.16 | |
libpng | libpng | 1.6.17 | |
libpng | libpng | 1.6.18 | |
libpng | libpng | 1.6.19 | |
libpng | libpng | 1.6.20 | |
libpng | libpng | 1.6.21 | |
libpng | libpng | 1.6.22 | |
libpng | libpng | 1.6.23 | |
libpng | libpng | 1.6.24 | |
libpng | libpng | 1.6.25 | |
libpng | libpng | 1.6.26 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E0D85B75-10B4-435F-9617-71ED6D199183", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.71:*:*:*:*:*:*:*", "matchCriteriaId": "C1A2487D-960A-43F5-AA57-7900DE6B4D16", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.81:*:*:*:*:*:*:*", "matchCriteriaId": "DB2620BB-22B6-45FF-98E2-3F9D553E6A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.82:*:*:*:*:*:*:*", "matchCriteriaId": "83EF4CC5-B649-4D13-B513-1CA0AAE100DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "5EE3FEA9-4BE7-4229-9649-64DAD4AF7791", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.86:*:*:*:*:*:*:*", "matchCriteriaId": "14B5F6F6-562C-4D96-9556-E4EC084442D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.87:*:*:*:*:*:*:*", "matchCriteriaId": "02562AA2-A140-4380-8769-E4837B4E0952", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "C808CE91-D85B-49C9-8A4E-251F2250A4FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.89:*:*:*:*:*:*:*", "matchCriteriaId": "8724AE78-9BF9-4882-8596-64A89008A5EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.89c:*:*:*:*:*:*:*", "matchCriteriaId": "9427E9C7-0B51-4066-9428-BE48D8BAD65E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "4EF125DE-6BD1-4640-9710-6EE69CD8A871", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "DE45B563-07B8-4F4E-80B4-C73216DF7295", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "0303A619-21BE-49DD-8C08-F04DFB31FC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.97:*:*:*:*:*:*:*", "matchCriteriaId": 
"197C2166-FCB7-467B-ABF1-E30E7DBD8816", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "663DD631-661D-48FA-A090-A18536BA284A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "1AEDED41-716C-4D7F-9D18-FF4672F51C67", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.99a:*:*:*:*:*:*:*", "matchCriteriaId": "A15C127E-ED56-42D8-99F2-D07929487431", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.99b:*:*:*:*:*:*:*", "matchCriteriaId": "DE555A15-8A1F-4133-9823-F915CE7A9D3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.99c:*:*:*:*:*:*:*", "matchCriteriaId": "93EDA6FA-A9F0-4007-881A-5C7A5C490739", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.99d:*:*:*:*:*:*:*", "matchCriteriaId": "332E032F-511F-493B-86C4-2AFB0BC18F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.99e:*:*:*:*:*:*:*", "matchCriteriaId": "795F6638-88FD-4314-8FCB-D485B455BBEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.99f:*:*:*:*:*:*:*", "matchCriteriaId": "A5C697AC-5E3D-4306-B702-8FAB46DEDB81", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.99g:*:*:*:*:*:*:*", "matchCriteriaId": "82EB41DC-CF89-4847-BF49-A50881490A49", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.99h:*:*:*:*:*:*:*", "matchCriteriaId": "29AA9DB8-F638-4447-A7FC-2F817F23B80D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.00:*:*:*:*:*:*:*", "matchCriteriaId": "DF99202B-9891-4231-B8E3-D82DFC947BBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D6B3DAF-DF99-48B2-8E7C-BE8E043D4C24", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.0a:*:*:*:*:*:*:*", "matchCriteriaId": "9C8F61D9-B7CA-40BB-8D7F-7DE0B4B2566F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.0b:*:*:*:*:*:*:*", "matchCriteriaId": 
"D524E8E7-DAEB-4CC3-907E-8D2E835D57A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "29050958-EFD8-4A79-9022-EF72AAD4EDB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "584F6704-39E3-4D19-975D-ACD791DA1101", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.1b:*:*:*:*:*:*:*", "matchCriteriaId": "03F745C8-CCF4-4DBF-B978-BCB710915888", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.1c:*:*:*:*:*:*:*", "matchCriteriaId": "7F91B7DB-91B0-47E5-B1F9-30CD7BFBAE93", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.1d:*:*:*:*:*:*:*", "matchCriteriaId": "4784AFCE-EDA5-4AB1-B66F-441132E0BD9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.1e:*:*:*:*:*:*:*", "matchCriteriaId": "B72B58C7-78F1-451B-A416-0C4069D1480A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3CB33B1-71B2-4235-A2C1-FCAEA9844A6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.2a:*:*:*:*:*:*:*", "matchCriteriaId": "8D7E887E-2D28-441E-A945-EE65375004BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "436F8C71-1780-4DC6-937B-8F1F51C7453D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "16F93C13-4AF0-4F10-9AAA-CC6BFD5CC11F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.3b:*:*:*:*:*:*:*", "matchCriteriaId": "6DBAABD9-68DA-449F-97D9-2110383C7BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.3d:*:*:*:*:*:*:*", "matchCriteriaId": "73498D20-EAB1-4EAE-9FBA-DD91477D39FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8CE9F50F-CAE1-49F6-BCF1-0E96155101F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.4a:*:*:*:*:*:*:*", "matchCriteriaId": 
"3113D349-2A78-47C7-92A1-F6B161A935F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.4b:*:*:*:*:*:*:*", "matchCriteriaId": "FF879FFC-E50B-4B63-9ED8-46732DAB1F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.4c:*:*:*:*:*:*:*", "matchCriteriaId": "CF6371CA-6A05-41E9-A2F1-57E8776AF977", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.4d:*:*:*:*:*:*:*", "matchCriteriaId": "CF454D5D-F9F4-4145-9D6A-00028079BFBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.4e:*:*:*:*:*:*:*", "matchCriteriaId": "FE23E138-D40B-41CF-BB15-9DC859343597", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.4f:*:*:*:*:*:*:*", "matchCriteriaId": "DC318698-1D3D-4803-B687-37A993382099", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0BF2C6F3-BFE7-4234-9975-DE7FCDA26A46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5a:*:*:*:*:*:*:*", "matchCriteriaId": "77986D51-C39F-49C8-8D19-E785BE048C39", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5b:*:*:*:*:*:*:*", "matchCriteriaId": "D74D2A43-CD5D-4E78-B519-05AF7B43F940", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5c:*:*:*:*:*:*:*", "matchCriteriaId": "5A25230A-01B4-488B-BEE7-FB417D1FA7C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5d:*:*:*:*:*:*:*", "matchCriteriaId": "28AAA435-65BC-4D90-BF42-BF07BE4A30A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5e:*:*:*:*:*:*:*", "matchCriteriaId": "0BCF81F9-9A58-4397-AD5F-DC679391C6D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5f:*:*:*:*:*:*:*", "matchCriteriaId": "C288D5D9-D45E-4576-B511-C54F817C0D69", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5g:*:*:*:*:*:*:*", "matchCriteriaId": "784C3861-491C-4E7C-8B1E-48C3DE55ABBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5h:*:*:*:*:*:*:*", 
"matchCriteriaId": "4042A89E-D9F8-415C-A0C2-2D234D3BF1D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5i:*:*:*:*:*:*:*", "matchCriteriaId": "3EC6238C-0C86-4A90-9835-C1AF42A259AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5j:*:*:*:*:*:*:*", "matchCriteriaId": "8F135843-9B08-4A6A-A4DA-53A9F4D30D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5k:*:*:*:*:*:*:*", "matchCriteriaId": "13CDBDA0-160E-4407-8668-A73E6B288267", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5l:*:*:*:*:*:*:*", "matchCriteriaId": "58BE9D06-4384-4E14-B0EE-78FA5884DF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5m:*:*:*:*:*:*:*", "matchCriteriaId": "0A13440D-E411-46C9-B965-A8B5E7EC2A0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5n:*:*:*:*:*:*:*", "matchCriteriaId": "62ABF3AA-1763-408F-BC8C-F21A2A4D8446", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5o:*:*:*:*:*:*:*", "matchCriteriaId": "7016EE48-2980-4135-A893-3F64484E4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5p:*:*:*:*:*:*:*", "matchCriteriaId": "15378A0E-B754-46A5-874A-369D903E0DD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5q:*:*:*:*:*:*:*", "matchCriteriaId": "96E2002E-180D-4AB9-9575-B117B2E78295", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5r:*:*:*:*:*:*:*", "matchCriteriaId": "122A09C4-EA58-48D2-ACE6-CEF44B027E9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5s:*:*:*:*:*:*:*", "matchCriteriaId": "5FCCC376-2DF5-4F09-8DB7-5E9834A42EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5t:*:*:*:*:*:*:*", "matchCriteriaId": "1426808E-BEBE-430E-8536-4957AFA338EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5u:*:*:*:*:*:*:*", "matchCriteriaId": "50E21EFB-EA8A-47FB-BF1C-85E959827839", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.0.5v:*:*:*:*:*:*:*", "matchCriteriaId": "528F26EF-33C7-48D3-AE6A-2B25D1DAB070", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5B79DC5F-5062-4031-BA11-746EE3C8E1CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "2FEEA93F-6ECE-455C-889A-3C9B960DBB06", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6e:*:*:*:*:*:*:*", "matchCriteriaId": "C22EB70E-CD5D-4ECD-9EC4-483EC8282458", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6f:*:*:*:*:*:*:*", "matchCriteriaId": "C1E85239-F2CD-47D5-BCF4-B351C83424AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6g:*:*:*:*:*:*:*", "matchCriteriaId": "07FF0DB3-0A02-43E8-8AC3-19CBCC6908AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6h:*:*:*:*:*:*:*", "matchCriteriaId": "FC046FEF-14BD-42A0-8EA8-B1A7EAE5A357", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6i:*:*:*:*:*:*:*", "matchCriteriaId": "FB131026-817E-4302-8610-DCE0802956A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6j:*:*:*:*:*:*:*", "matchCriteriaId": "B62C2841-737B-4D0A-BD41-C5FF0172CB6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CAD6DE25-8B2F-4DB9-9969-8AAC23BC0AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "35F2B503-1516-465D-A558-9932BDB3457D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "BA94EAAA-A4D2-4E36-BC69-BBE9644FE970", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "F3A7C96C-8FBB-42B4-937E-3321C939CC87", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "94084356-D39B-41B2-AC24-0ADAD0BF5988", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "086C6335-7872-46A7-AEB1-9BE5AE5A788C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FF8233B1-04A0-4E25-97EE-CF466B48A12E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "FA714E7E-05EF-4598-9324-887BC66C675E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "C5CF3B73-D3B9-4D76-B411-C837BCE0806E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "D1752D91-3468-4E22-B60F-6789B3CBD7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "F433AA7E-A780-4D45-AD1A-5A4CE1F3FCD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "93E210A7-489B-4EA7-A840-599523157DD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "B37565FA-72F5-4063-8D7A-97BC269F020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "BC8FA821-818E-4BC7-834B-94EB5C042390", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "F3FBF3D3-95A6-4869-8A69-F0E5ECA40220", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "D07785D0-E995-4208-AB8C-43B320D291F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "152DDD6E-CF56-4E1C-BE4D-C7BC0FD9B08C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "19BBA666-4473-4C6D-BF48-34EF3F09AD7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "B7DDF6CC-7997-47E7-96D3-8DC10F1D17F0", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:libpng:libpng:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "A1926DD0-0A9B-4F9D-BB4F-AC7AB0B3F0E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "2763A6C7-DBBA-4E2A-917C-B6FF524B9891", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "E7DECDF8-7742-4D58-99FA-100A01748B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "CA4FD3B1-3A68-4122-AA50-31BFC6C50408", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "45790331-CE26-457F-8649-F027703E73EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "0B0BFE2D-5C7B-42E0-B783-8C5907CA8635", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "7CD993C1-70B6-4ACB-B958-94E7EF973A8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "C085686C-A0AA-4F56-9E7D-B5CB24B890D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "D02A5197-06B9-469E-9817-45BB23324042", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "5EB6BE37-E564-4E42-BE39-36DD301C37A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "314209F2-E0A0-4045-8108-8E7215312442", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "11A8ECBB-7E50-4447-88E2-893C1466C251", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "8B8F24A5-F5C3-495F-9AF0-2EE836E0147A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "46DE2DE3-F081-4B80-A4DA-C5AB27B3CA8C", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:libpng:libpng:1.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "71EF1D77-7838-47DF-B6A2-DBBAC0058FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "76BA4FEA-FEB4-47A9-9DFF-A233CEE03D04", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.43:*:*:*:*:*:*:*", "matchCriteriaId": "60DB5A63-E89E-48AB-A846-107EBEC71D67", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.44:*:*:*:*:*:*:*", "matchCriteriaId": "2181FEEB-D07E-490C-9953-3490D87B63A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.45:*:*:*:*:*:*:*", "matchCriteriaId": "36DC41DD-A291-4ECE-84B9-574828AA2A80", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.46:*:*:*:*:*:*:*", "matchCriteriaId": "015D1E36-17A1-4413-B1FB-5DF4C36712BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.47:*:*:*:*:*:*:*", "matchCriteriaId": "F64CE8F2-22B1-43F8-8934-CBCD2EFBA85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.48:*:*:*:*:*:*:*", "matchCriteriaId": "CEB15BE8-1B88-4117-AF14-3AA2B54DB323", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "A2CB2728-4CC7-46EA-809B-450A9BB9F884", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "96638963-D264-49AD-9B77-497C3DA23DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.52:*:*:*:*:*:*:*", "matchCriteriaId": "88544BBE-29A1-4622-B3E6-FA4B891A9B5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.53:*:*:*:*:*:*:*", "matchCriteriaId": "DD658D98-9A4D-4DC2-A935-BB3BF0E0FB2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.54:*:*:*:*:*:*:*", "matchCriteriaId": "FFF819AF-AC11-4BD9-A070-572836A65FB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.55:*:*:*:*:*:*:*", "matchCriteriaId": "2EEAC62D-BF2B-40DF-9428-FFBF7CA09471", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.56:*:*:*:*:*:*:*", "matchCriteriaId": "36327723-F953-4BD3-A525-930DDCF7931D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.57:*:*:*:*:*:*:*", "matchCriteriaId": "7D482811-2EF1-47AE-A41C-7532AC6DEF31", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.58:*:*:*:*:*:*:*", "matchCriteriaId": "2D0EE98D-0596-4147-9EC4-F3616BF2B901", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.59:*:*:*:*:*:*:*", "matchCriteriaId": "62F15027-0E80-48B7-9ECD-9E7228F0E81B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "99904D7E-0046-4481-99B6-01710D4FC848", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.61:*:*:*:*:*:*:*", "matchCriteriaId": "8AB33B4E-E69A-4002-816C-24CCD49682F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.62:*:*:*:*:*:*:*", "matchCriteriaId": "42A4FAF1-4B81-47C4-BFB7-6052524A2DA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "686A50C3-93E1-4C3F-8089-322BE26E6317", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.64:*:*:*:*:*:*:*", "matchCriteriaId": "BBD67FEF-E6D3-449B-B2E9-14A69AD8E923", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.65:*:*:*:*:*:*:*", "matchCriteriaId": "BD8B4549-007C-4572-86D9-F51A7B3FC586", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.66:*:*:*:*:*:*:*", "matchCriteriaId": "27E469B0-BF89-45AD-96BB-C7E2E5D08221", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C036011A-9AE1-423C-8B73-188B9BA20FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "663C6EE5-5B5E-4C0F-9E7F-D0E1DA9AF9EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "42056C63-69A7-43CF-828C-0C3E365702D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "5B6A39A3-7F86-4DC3-B248-859630AFB9A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "005C2DA4-D00E-4206-851E-9226D66B5F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "857B664A-C6F9-45E3-93EA-C0F53CEF5C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A3E3BF3-4376-4692-A515-A7B6593F28F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "3B1AC712-110D-458F-B650-930C6D45CA53", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "7F848FA5-9682-454F-A9DE-671C4401F15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "C4B83678-98A1-440E-950C-4A27995C7294", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "95EABD7D-1F18-4FA5-BAA9-F8D69129E531", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "3988FA1B-18D9-46AA-87BA-A6B01D4F4B25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "09E2B608-6C70-446F-A3A7-369048D99855", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "5AA00AE0-F447-4361-AA37-0C98BDE491E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "21DACE94-FBDC-4A3D-8DD6-E62D18F5EE7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "ECEB8F61-195E-41DE-90CE-22854055E9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*", 
"matchCriteriaId": "D0F72B91-1F7F-41EB-ABC8-1B50AFEC70EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "111091B9-CBAE-4FC7-8B97-7D2345BFCB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*", "matchCriteriaId": "54C6D9D3-50B2-4A63-B3D1-C76C70F4443E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*", "matchCriteriaId": "F2DEFD05-10EE-4242-B885-FD1B0DF6CAA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*", "matchCriteriaId": "F9F9A6DB-19BF-4798-879E-9BD4AD5EFF2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*", "matchCriteriaId": "31EE280F-D76D-478B-ADD6-D5F2C7574A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*", "matchCriteriaId": "C1BE9ED0-685B-41F0-A984-D33E7034AEA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*", "matchCriteriaId": "07B00AD3-D13C-45B5-A13A-9092D40F4A63", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*", "matchCriteriaId": "14222EA8-E8ED-4818-ACB4-C6A13643F210", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*", "matchCriteriaId": "A22C28DD-5C99-4722-9093-A1E82A2C2808", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*", "matchCriteriaId": "10CD562E-1F06-4779-A29C-4069E3C86B16", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*", "matchCriteriaId": "4D83D507-64AF-4158-97B9-1353E2F8EE46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*", "matchCriteriaId": "0DF6249D-5AA8-4EA3-A92A-0E492FE5B811", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*", "matchCriteriaId": "CDE7F259-40A2-4866-8EF8-44A9913EC4EF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*", "matchCriteriaId": "03C20A42-6A77-43D4-80D7-332BB2DF1B66", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*", "matchCriteriaId": "D4CC5DBB-249B-4EED-9F54-E23CB1919ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "D20664A4-4816-4F57-82BB-F4116FA33A41", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*", "matchCriteriaId": "64226521-0723-4259-B214-0D2A35CF5FBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*", "matchCriteriaId": "6ABEEBFE-A8C8-40D4-97D8-F06676E67478", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.53:*:*:*:*:*:*:*", "matchCriteriaId": "47831D80-33AC-4A13-B92D-3D2CBF215955", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.54:*:*:*:*:*:*:*", "matchCriteriaId": "7ED428C8-E6AB-4BB1-BE7D-543B2A19410F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.55:*:*:*:*:*:*:*", "matchCriteriaId": "00EFBF77-B771-4A52-B4FF-6346F4B69968", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.56:*:*:*:*:*:*:*", "matchCriteriaId": "B7568641-1AB0-4158-A34F-F9A36169C1E4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "52D5DAA1-3632-48D7-A657-4A4C83A119D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB5AE8E0-3C11-4EE1-A599-4D70C6A13F1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "6AD36C3B-3C02-488B-B480-EA091D702CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "59BAD272-D4B6-40CE-B5E9-63145E12B638", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"5EEB311C-766D-4070-A0BE-9CE4593C8F49", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C185BF59-68E4-49F8-802F-C06FE840FF3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "5C399B31-B8EC-41C4-B6AB-83BABC474374", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "3B00AF5F-D4F5-490C-8BF4-2B33EFBF15A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "BA9AEB1D-0AA7-4842-9CF9-91BFD8B58A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "09150152-5DEA-4FA2-9163-63EAF4D83DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "45E5068A-42BE-478B-8C00-FE23B7837DC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "023CCFB0-7995-408E-928A-76C5BD9B4924", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "493F615D-DB81-48B3-9E74-C32544A01372", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "D2F12925-44F7-4790-8A06-345EB3DCCB71", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "7F5BF226-D62F-4F54-B771-EB108FD256FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "D2EDBFCB-96DA-4A36-873A-3164975BE997", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "ACDB15BE-BDD2-4210-B224-A520E8DC7D89", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "70D3AD38-CCE7-47E6-8225-C0BFC3F10E4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": 
"4D176C8F-C91F-47C8-AEC8-377324944421", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "37BF798D-391A-4207-BBDB-23A7156F66B0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.2.55:*:*:*:*:*:*:*", "matchCriteriaId": "00EFBF77-B771-4A52-B4FF-6346F4B69968", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E2ECD2B-A847-42FB-B5B3-DAFC40B2E513", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE8BC209-45B9-44D6-A26D-0B570ED5BB19", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "6644ED2F-66F3-469D-8233-72FE7321E850", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "5AF0E757-9E9C-4022-B32D-3F0E9C815FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "3F34978D-6ABE-463E-AB48-21CC55B7D157", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A4568BB-F5FF-4BBB-9DA3-E66C2BFA2416", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "246CF13F-FDC1-499E-9FC1-5624D54E9E3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AC66FD43-421B-4223-BA32-EC47B51E1091", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F0F5664B-5AB9-4DE4-99AA-8FD32DBA4A4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "C7712376-D776-4814-A041-FBFEAC70ADC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "103E5ECE-126B-4C93-A3C8-979DCCA4EB5D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "65DEDF02-9239-497C-94DB-DAF80B6B4F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "8CAAECD8-0C16-40CC-BA8A-97DF38BAF668", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "84D9B3E6-D32D-4E4B-908A-39FAC3D5F618", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.14:*:*:*:*:*:*:*", "matchCriteriaId": "8F2DB1EF-B961-4C56-8519-242419B6AB9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "2BDE2351-2B17-4C1A-A625-6C7DE691039A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "5426F3F0-CF21-45D4-9071-F8F7865A7619", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "25147E8F-7385-4393-BE21-E3347610F003", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.18:*:*:*:*:*:*:*", "matchCriteriaId": "19C06F50-7C48-4FD6-B0C9-6C9B643742B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.19:*:*:*:*:*:*:*", "matchCriteriaId": "DA562433-F6F5-46C1-98DE-8309BD940260", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.20:*:*:*:*:*:*:*", "matchCriteriaId": "CD684587-0D7E-411F-B9E3-14CBE4954499", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.21:*:*:*:*:*:*:*", "matchCriteriaId": "5AB9178D-DEEF-4D2C-9347-F553312129C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.22:*:*:*:*:*:*:*", "matchCriteriaId": "3157A738-20EB-4BE0-A58B-E21DDA64EDC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.23:*:*:*:*:*:*:*", "matchCriteriaId": "6D70C6B1-2360-48C9-931D-BAED79151DF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.24:*:*:*:*:*:*:*", "matchCriteriaId": "29F79896-3EF0-4F53-8EBC-66D811E2C315", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:libpng:libpng:1.5.25:*:*:*:*:*:*:*", "matchCriteriaId": "E2C8AE4F-0473-4B52-8DB4-31022057FD71", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.26:*:*:*:*:*:*:*", "matchCriteriaId": "19EF6CC6-7C8D-4199-AB4C-416DEFC203C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.27:*:*:*:*:*:*:*", "matchCriteriaId": "78CD6AD1-5C8E-4AF4-92CC-CC888479B50C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.2.55:*:*:*:*:*:*:*", "matchCriteriaId": "00EFBF77-B771-4A52-B4FF-6346F4B69968", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7A0D174-F35C-488B-8577-00EFB7741089", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EDC5DA5-F2A7-4819-BB9D-258EB9AB7857", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "27B34D78-C0BC-45DC-AD84-F5F13451ED7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3D3A7EC-774C-423F-BDE1-CDCB9433D87B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B898B95-CF41-4813-8FE7-776BD59A6A9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9F5E5899-5A3F-49A1-B18C-4C97566B87BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "C7897EEC-DE43-485A-B2CD-E8623A6D2C8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "ACC16FE2-E94E-45B9-94F0-B6434B21DD2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "8C8DAE31-CCA9-450D-90E5-B8F0490FB944", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": 
"52FEB5C9-0C13-4FD6-876C-AAE7ED4E986C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "2337F9F3-D26D-4A24-880A-800CD5C16795", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "31F71BA3-5402-448E-9068-EB0DCA1D62EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "5418D311-FC7D-4B46-950B-17094775D9D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "AD67323A-8463-4B8F-B370-40C2ACFF4D8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "2BBA4F43-0FD0-4D7D-84A0-37C8E79B9B29", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "71E01CC8-1C29-4C46-8213-B48A2364CE8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "89FCEBCA-0AFB-42FB-9BB5-CB4EE7C38336", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "62B29838-8B2F-41AA-A654-58255C4D1EC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "480007D1-0121-4966-9995-9E491848681A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.19:*:*:*:*:*:*:*", "matchCriteriaId": "162CF84D-0B1B-4920-B2F8-C812CA3DF18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "21F23388-AFDC-4D1B-A7C1-54932F756867", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.21:*:*:*:*:*:*:*", "matchCriteriaId": "323FFAF9-7A94-4210-BB0B-5A4A48AA39F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.22:*:*:*:*:*:*:*", "matchCriteriaId": "4BDCAB06-4B2E-4906-8212-C5D96B4973CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.23:*:*:*:*:*:*:*", 
"matchCriteriaId": "F6F7BD7C-5A00-4E08-A60B-9D73ECD6BC93", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.24:*:*:*:*:*:*:*", "matchCriteriaId": "2D4073D2-BCC9-45CE-AF91-849E28F8ACEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.25:*:*:*:*:*:*:*", "matchCriteriaId": "FE88B539-402F-40BB-A3D9-910E551037CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.26:*:*:*:*:*:*:*", "matchCriteriaId": "E9413615-7505-451D-989A-36724A38E3F0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure." }, { "lang": "es", "value": "La funci\u00f3n png_set_text_2 en libpng 0.71 en versiones anteriores a 1.0.67, 1.2.x en versiones anteriores a 1.2.57, 1.4.x en versiones anteriores a 1.4.20, 1.5.x en versiones anteriores a 1.5.28 y 1.6.x en versiones anteriores a 1.6.27 permite que los atacantes dependientes de contexto provoquen que los vectores de desreferencia de puntero NULL impliquen la carga de un fragmento de texto en una estructura png, la eliminaci\u00f3n del texto y la adici\u00f3n de otro fragmento de texto a la estructura." 
} ], "id": "CVE-2016-10087", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-30T22:59:00.280", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/29/2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/30/4" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95157" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "cve@mitre.org", "url": 
"https://security.gentoo.org/glsa/201701-74" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3712-1/" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3712-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/29/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/30/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-74" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3712-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3712-2/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-01-15 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://libpng.sourceforge.net/index.html | Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html | Third Party Advisory | |
cve@mitre.org | http://openwall.com/lists/oss-security/2009/01/09/1 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/34320 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/34388 | Third Party Advisory | |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200903-28.xml | Third Party Advisory | |
cve@mitre.org | http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local&forum_name=png-mng-implement | Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2009/dsa-1750 | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2009:051 | Third Party Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/48128 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://libpng.sourceforge.net/index.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/01/09/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34320 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34388 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200903-28.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local&forum_name=png-mng-implement | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1750 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:051 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/48128 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | * | |
libpng | libpng | * | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 5.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "43E68AFA-10FF-49C5-B2AE-6C3B91B5EE32", "versionEndExcluding": "1.0.42", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "63448D4F-B6B7-4CBD-AC5F-FB8C4FE12FB3", "versionEndExcluding": "1.2.34", "versionStartIncluding": "1.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the \u0027\\0\u0027 character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability." }, { "lang": "es", "value": "La funcion png_check_keyword en pngwutil.c en libpng anteriores a v1.0.42, v1.2.x anterior a v1.2.34, permitir\u00eda atacantes dependientes de contexto poner a cero el valor de una localizaci\u00f3n de memoria de su elecci\u00f3n a trav\u00e9s de vectores relacionados con la creaci\u00f3n de ficheros PNG con palabras clave, relacionado con la asignaci\u00f3n del valor \u0027\\0\u0027 a un puntero NULL. NOTA: Algunas fuentes informan incorrectamente que se trata de una vulnerabilidad de doble liberaci\u00f3n." 
} ], "id": "CVE-2008-5907", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-01-15T17:30:00.453", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://libpng.sourceforge.net/index.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2009/01/09/1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/34320" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/34388" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200903-28.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local\u0026forum_name=png-mng-implement" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2009/dsa-1750" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:051" }, { "source": "cve@mitre.org", 
"tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://libpng.sourceforge.net/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2009/01/09/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/34320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/34388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200903-28.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local\u0026forum_name=png-mng-implement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2009/dsa-1750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48128" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat does not consider this bug to be a security issue. 
For a more detailed explanation, please see the following bug:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5907", "lastModified": "2009-02-11T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-06 14:55
Modified
2025-06-09 16:15
Summary
Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html | ||
cve@mitre.org | http://seclists.org/oss-sec/2014/q2/83 | ||
cve@mitre.org | http://sourceforge.net/p/libpng/bugs/199/ | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/67345 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2014/q2/83 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/p/libpng/bugs/199/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/67345 |
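Impacted products (a version listed twice differs only in the CPE update field — release vs. beta — and `*` is the range ending at 1.5.13 inclusive; see the `cpeMatch` entries in the JSON record below)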
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | * | |
libpng | libpng | 1.5.0 | |
libpng | libpng | 1.5.1 | |
libpng | libpng | 1.5.1 | |
libpng | libpng | 1.5.2 | |
libpng | libpng | 1.5.2 | |
libpng | libpng | 1.5.3 | |
libpng | libpng | 1.5.4 | |
libpng | libpng | 1.5.4 | |
libpng | libpng | 1.5.5 | |
libpng | libpng | 1.5.5 | |
libpng | libpng | 1.5.6 | |
libpng | libpng | 1.5.6 | |
libpng | libpng | 1.5.7 | |
libpng | libpng | 1.5.7 | |
libpng | libpng | 1.5.8 | |
libpng | libpng | 1.5.8 | |
libpng | libpng | 1.5.9 | |
libpng | libpng | 1.5.9 | |
libpng | libpng | 1.5.10 | |
libpng | libpng | 1.5.11 | |
libpng | libpng | 1.5.11 | |
libpng | libpng | 1.5.12 | |
libpng | libpng | 1.5.13 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "63A83C24-6658-4687-9391-21EE7969A5E4", "versionEndIncluding": "1.5.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.0:beta:*:*:*:*:*:*", "matchCriteriaId": "C8BA2974-AF9F-4382-B443-F54354B5623A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE8BC209-45B9-44D6-A26D-0B570ED5BB19", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:beta:*:*:*:*:*:*", "matchCriteriaId": "468B1A0E-AF58-42C4-9801-D6F83F283360", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "6644ED2F-66F3-469D-8233-72FE7321E850", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:beta:*:*:*:*:*:*", "matchCriteriaId": "B36D610D-F86A-4D46-B0F2-884FFA601C69", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.3:beta:*:*:*:*:*:*", "matchCriteriaId": "C8A976DD-87FA-425D-8E07-E3CFC4D3FD05", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "3F34978D-6ABE-463E-AB48-21CC55B7D157", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:beta:*:*:*:*:*:*", "matchCriteriaId": "3716FF0E-AD20-46F8-B8F6-3EC42D427C90", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A4568BB-F5FF-4BBB-9DA3-E66C2BFA2416", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:beta:*:*:*:*:*:*", "matchCriteriaId": "E5300EC4-B3A0-42C5-8D39-67AB75C47153", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "246CF13F-FDC1-499E-9FC1-5624D54E9E3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:beta:*:*:*:*:*:*", "matchCriteriaId": "D5840A8E-AB64-40A9-8BB6-EB6BA51D40B4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AC66FD43-421B-4223-BA32-EC47B51E1091", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.7:beta:*:*:*:*:*:*", "matchCriteriaId": "EEC9D57C-47F2-4773-85B6-FFB0C4681E0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F0F5664B-5AB9-4DE4-99AA-8FD32DBA4A4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.8:beta:*:*:*:*:*:*", "matchCriteriaId": "5CD1C8E6-DF35-47F7-877F-001AD62B57CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "C7712376-D776-4814-A041-FBFEAC70ADC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.9:beta:*:*:*:*:*:*", "matchCriteriaId": "DF69B34E-F7FB-4F4C-AF7D-ACD165B1233B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.10:beta:*:*:*:*:*:*", "matchCriteriaId": "F7CC2E64-E48C-4DE6-892D-06A0B806A51B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "65DEDF02-9239-497C-94DB-DAF80B6B4F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.11:beta:*:*:*:*:*:*", "matchCriteriaId": "5BE62DB2-664D-4E0A-840F-09D13E41704A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "8CAAECD8-0C16-40CC-BA8A-97DF38BAF668", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.13:beta:*:*:*:*:*:*", "matchCriteriaId": "561D5D7A-1933-4A6D-940E-8DD035AA31B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow." 
}, { "lang": "es", "value": "Desbordamiento de enteros en la funci\u00f3n png_set_unknown_chunks en libpng/pngset.c en libpng anterior a 1.5.14beta08 permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n y ca\u00edda) a trav\u00e9s de un imagen manipulado, lo que provoca un desbordamiento de buffer basado en memoria din\u00e1mica." } ], "id": "CVE-2013-7353", "lastModified": "2025-06-09T16:15:23.980", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2014-05-06T14:55:05.010", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html" }, { "source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q2/83" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://sourceforge.net/p/libpng/bugs/199/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67345" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q2/83" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://sourceforge.net/p/libpng/bugs/199/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67345" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-122" }, { "lang": "en", "value": "CWE-190" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-10 12:15
Modified
2024-11-21 03:49
Summary
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token | Exploit, Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/glennrp/libpng/issues/246 | Exploit, Patch, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201908-02 | Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20221028-0001/ | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/glennrp/libpng/issues/246 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20221028-0001/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory |
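Impacted products (`*` for mysql_workbench is the range ending at 8.0.23 inclusive; see the `cpeMatch` entries in the JSON record below)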
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | 1.6.35 | |
oracle | hyperion_infrastructure_technology | 11.1.2.6.0 | |
oracle | mysql_workbench | * | |
netapp | active_iq_unified_manager | - | |
netapp | oncommand_api_services | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.6.35:*:*:*:*:*:*:*", "matchCriteriaId": "16095D8B-1CDD-478C-BC8D-2D3DFCE3CD1D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "37A1E0FB-F706-4FB7-86E1-18268A744A80", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB1A94E1-A6C6-488D-A74C-6C0B24637272", "versionEndIncluding": "8.0.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EC98B22-FFAA-4B59-8E63-EBAA4336AD13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png." }, { "lang": "es", "value": "Se detecto un problema en la decodificaci\u00f3n PNM de terceros asociada con libpng versi\u00f3n 1.6.35. Es un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n get_token en el archivo pnm2png.c en pnm2png." 
} ], "id": "CVE-2018-14550", "lastModified": "2024-11-21T03:49:17.780", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-10T12:15:10.750", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/glennrp/libpng/issues/246" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201908-02" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20221028-0001/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party 
Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/glennrp/libpng/issues/246" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201908-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20221028-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-09-11 01:13
Modified
2025-04-09 00:30
Summary
Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/31781 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/33137 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/35302 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/35386 | Third Party Advisory | |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200812-15.xml | Third Party Advisory | |
cve@mitre.org | http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com&forum_name=png-mng-implement | Third Party Advisory | |
cve@mitre.org | http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517 | Product, Third Party Advisory | |
cve@mitre.org | http://sourceforge.net/project/shownotes.php?release_id=624518 | Broken Link, Patch | |
cve@mitre.org | http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624 | Exploit, Third Party Advisory | |
cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 | Broken Link | |
cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 | Broken Link | |
cve@mitre.org | http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm | Third Party Advisory | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/889484 | Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2009:051 | Broken Link | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2008/09/09/3 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2008/09/09/8 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/31049 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.vupen.com/english/advisories/2008/2512 | Permissions Required | |
cve@mitre.org | http://www.vupen.com/english/advisories/2009/1462 | Permissions Required | |
cve@mitre.org | http://www.vupen.com/english/advisories/2009/1560 | Permissions Required | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/44928 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31781 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33137 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35302 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35386 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200812-15.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com&forum_name=png-mng-implement | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517 | Product, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/project/shownotes.php?release_id=624518 | Broken Link, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/889484 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:051 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2008/09/09/3 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2008/09/09/8 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/31049 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2512 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1462 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1560 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/44928 | Third Party Advisory, VDB Entry |
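Impacted products (each `1.4.0` row is a distinct pre-release, beta1 through beta33, and `*` is every version before 1.2.32; see the `cpeMatch` entries in the JSON record below)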
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | * | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F293C5F-122C-49DA-880A-BA95EE79A42A", "versionEndExcluding": "1.2.32", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "F44C0B27-5D6D-41E4-8EA9-F6F88D347C44", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "FE5DEC4E-76F7-486C-B4E0-F3D88695A9E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "BC4807AA-BCD3-45D0-9C1D-4B8AD878B327", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "F257A4AC-6B13-4D67-B168-AD5BF28962DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "11DDEF8A-B308-46A2-B368-C46688C3E54B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta14:*:*:*:*:*:*", "matchCriteriaId": "3426A085-E295-47A5-8D2F-C55451EB89BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta15:*:*:*:*:*:*", "matchCriteriaId": "74E87513-DA93-4AE0-89FB-08902997810A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta16:*:*:*:*:*:*", "matchCriteriaId": "97187A00-2680-45AA-AAE7-F16DD01957AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta17:*:*:*:*:*:*", "matchCriteriaId": "14A3D8E7-AE1E-4D4E-9B9F-98CC50AF984C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta18:*:*:*:*:*:*", "matchCriteriaId": "2C517B08-4D43-457D-BD00-6920CF2924B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta19:*:*:*:*:*:*", "matchCriteriaId": "C7FC9A8E-0CE8-4B9F-AFFF-D8AFC16013AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "68658B69-A70B-4982-8E14-57202F8DA03C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.4.0:beta20:*:*:*:*:*:*", "matchCriteriaId": "7CD59594-E67B-460E-A8A7-1A2A57187050", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta21:*:*:*:*:*:*", "matchCriteriaId": "52510ECE-10CB-4F8B-827E-8DB1784EA1CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta22:*:*:*:*:*:*", "matchCriteriaId": "1EF398FE-E664-460A-9B21-4B0C454A053F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta23:*:*:*:*:*:*", "matchCriteriaId": "89799F7C-B866-4647-8A56-302F1E006506", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta24:*:*:*:*:*:*", "matchCriteriaId": "E43A4742-A419-49FA-9F60-F6E77E4D2870", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta25:*:*:*:*:*:*", "matchCriteriaId": "4880A92D-3A86-451C-8995-54068FBB1B0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta26:*:*:*:*:*:*", "matchCriteriaId": "C7B88A47-4E4C-49E6-978C-468530C87C43", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta27:*:*:*:*:*:*", "matchCriteriaId": "336375B9-8B1C-46F1-A512-4EE631A1E18F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta28:*:*:*:*:*:*", "matchCriteriaId": "E7229CC7-A325-4C68-BD76-BEE198E09F0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta29:*:*:*:*:*:*", "matchCriteriaId": "43803CBE-A2F4-40EC-97EB-63526240D5DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "8F0F7323-986F-4E3A-AA8C-BDBFA2B53F05", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta30:*:*:*:*:*:*", "matchCriteriaId": "626FEAE3-ABDE-4E50-9549-6C2D4415EF5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta31:*:*:*:*:*:*", "matchCriteriaId": "AF5EE51D-586A-4454-B746-8A18FFA84005", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta32:*:*:*:*:*:*", "matchCriteriaId": 
"CCF71D7A-5B9B-4973-9143-D3625383A3F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta33:*:*:*:*:*:*", "matchCriteriaId": "6129A9F4-343E-4DCB-B252-DA0744A7C5BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "1D4C2F83-2302-43B3-8DB7-EA4DD7D75283", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "C88C4762-4EBE-442D-9154-89EFD8654409", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "1E512280-AC4B-401D-A499-A460AD1F2C99", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "76C52B6B-9CCB-458C-ABF9-5E334ABB107B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "84EE5F48-E15F-4CE9-84F3-9859F72D9651", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "35B244AD-138C-406D-99F4-E33BDF87BFA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c." }, { "lang": "es", "value": "M\u00faltiples errores por un paso (off-by-one) en libpng versiones anteriores a 1.2.32beta01, y 1.4 versiones anteriores a 1.4.0beta34, permiten a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (ca\u00edda) o tener otros impactos desconocidos a trav\u00e9s de una imagen PNG con fragmentos zTXt manipulados, relacionado con (1) la funci\u00f3n png_push_read_zTXt en pngread.c, y posiblemente relacionado con (2) pngtest.c." 
} ], "id": "CVE-2008-3964", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-09-11T01:13:47.633", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/31781" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/33137" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35302" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35386" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200812-15.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com\u0026forum_name=png-mng-implement" }, { "source": "cve@mitre.org", "tags": [ "Product", "Third Party Advisory" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=5624\u0026release_id=624517" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=624518" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"http://sourceforge.net/tracker/index.php?func=detail\u0026aid=2095669\u0026group_id=5624\u0026atid=105624" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/889484" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:051" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2008/09/09/3" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2008/09/09/8" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/31049" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2008/2512" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/31781" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://secunia.com/advisories/33137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200812-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com\u0026forum_name=png-mng-implement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Third Party Advisory" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=5624\u0026release_id=624517" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=624518" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=2095669\u0026group_id=5624\u0026atid=105624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/889484" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2008/09/09/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2008/09/09/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/31049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2008/2512" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44928" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. These issues did not affect the versions of libpng as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2017-08-07T21:32:18.343", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-193" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-12 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
cve@mitre.org | http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | ||
cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | ||
cve@mitre.org | http://secunia.com/advisories/35346 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/35470 | ||
cve@mitre.org | http://secunia.com/advisories/35524 | ||
cve@mitre.org | http://secunia.com/advisories/35594 | ||
cve@mitre.org | http://secunia.com/advisories/39206 | ||
cve@mitre.org | http://secunia.com/advisories/39215 | ||
cve@mitre.org | http://secunia.com/advisories/39251 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200906-01.xml | ||
cve@mitre.org | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.551809 | ||
cve@mitre.org | http://support.apple.com/kb/HT4077 | ||
cve@mitre.org | http://ubuntu.com/usn/usn-913-1 | ||
cve@mitre.org | http://www.debian.org/security/2010/dsa-2032 | ||
cve@mitre.org | http://www.libpng.org/pub/png/libpng.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2010:063 | ||
cve@mitre.org | http://www.securityfocus.com/bid/35233 | Patch | |
cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/1510 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2010/0637 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2010/0682 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2010/0847 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/50966 | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00218.html | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00630.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35346 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35470 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35524 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35594 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39206 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39215 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39251 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200906-01.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.551809 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4077 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://ubuntu.com/usn/usn-913-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2032 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.libpng.org/pub/png/libpng.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:063 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35233 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1510 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0637 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0682 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0847 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/50966 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00218.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00630.html |
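Impacted products
Rows that repeat a version number are distinct CPE entries that differ only in a beta/rc qualifier, which this table omits (for example, 1.0.7 appears in the record below as beta17, beta18, rc1 and rc2). The `*` row is a version range whose CPE bound is `versionEndIncluding` 1.2.35, whereas the summary says "before 1.2.37", so matching on the CPE data alone may not cover every release the summary describes.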
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | * | |
libpng | libpng | 0.89c | |
libpng | libpng | 0.95 | |
libpng | libpng | 1.0.0 | |
libpng | libpng | 1.0.1 | |
libpng | libpng | 1.0.2 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.10 | |
libpng | libpng | 1.0.10 | |
libpng | libpng | 1.0.10 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.12 | |
libpng | libpng | 1.0.12 | |
libpng | libpng | 1.0.12 | |
libpng | libpng | 1.0.13 | |
libpng | libpng | 1.0.14 | |
libpng | libpng | 1.0.15 | |
libpng | libpng | 1.0.15 | |
libpng | libpng | 1.0.15 | |
libpng | libpng | 1.0.15 | |
libpng | libpng | 1.0.16 | |
libpng | libpng | 1.0.17 | |
libpng | libpng | 1.0.17 | |
libpng | libpng | 1.0.18 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.20 | |
libpng | libpng | 1.0.21 | |
libpng | libpng | 1.0.21 | |
libpng | libpng | 1.0.21 | |
libpng | libpng | 1.0.22 | |
libpng | libpng | 1.0.22 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.16 | |
libpng | libpng | 1.2.16 | |
libpng | libpng | 1.2.16 | |
libpng | libpng | 1.2.16 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.18 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.30 | |
libpng | libpng | 1.2.31 | |
libpng | libpng | 1.2.33 | |
libpng | libpng | 1.2.34 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "AABEC89B-60F1-4ECB-AA31-FA1BC8C1A8FC", "versionEndIncluding": "1.2.35", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.89c:*:*:*:*:*:*:*", "matchCriteriaId": "9427E9C7-0B51-4066-9428-BE48D8BAD65E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "DE45B563-07B8-4F4E-80B4-C73216DF7295", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D6B3DAF-DF99-48B2-8E7C-BE8E043D4C24", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "29050958-EFD8-4A79-9022-EF72AAD4EDB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3CB33B1-71B2-4235-A2C1-FCAEA9844A6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta17:*:*:*:*:*:*", "matchCriteriaId": "AA9ED9B2-D9D4-4200-B387-21A893453E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta18:*:*:*:*:*:*", "matchCriteriaId": "3983C9FC-7546-41BE-8E22-B3471DF9F3AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "BFAB3DFB-58B7-4713-B88B-26424D639B02", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:rc2:*:*:*:*:*:*", "matchCriteriaId": "2131F2BB-80E3-46A0-A0D8-4450C625A525", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "35F2B503-1516-465D-A558-9932BDB3457D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:beta1:*:*:*:*:*:*", "matchCriteriaId": "C686308E-1A71-40E5-BCDE-5144217D41A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:beta2:*:*:*:*:*:*", "matchCriteriaId": "D1F37F93-8BE1-4716-B35D-1CB2629867A3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.0.8:beta3:*:*:*:*:*:*", "matchCriteriaId": "AF4127BB-2A91-4243-B3ED-10D945B6995A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:beta4:*:*:*:*:*:*", "matchCriteriaId": "E09AAB1F-14FB-42E9-8983-30D2164EA0E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "50190A04-5CF2-400E-BAE4-9C7F177ECFE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "BA94EAAA-A4D2-4E36-BC69-BBE9644FE970", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta1:*:*:*:*:*:*", "matchCriteriaId": "AFB264E6-1640-459C-8DD0-C9D72124F125", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta10:*:*:*:*:*:*", "matchCriteriaId": "2A6E3454-14E2-43C8-8E71-1E800FCBE9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta2:*:*:*:*:*:*", "matchCriteriaId": "BA610E96-CE50-46B0-B695-F4A5FA77AB73", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta3:*:*:*:*:*:*", "matchCriteriaId": "30459EAB-E65B-4487-A90F-389477F0BA56", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta4:*:*:*:*:*:*", "matchCriteriaId": "E89FFA90-6AB5-4587-8F40-E7001E4DD470", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta5:*:*:*:*:*:*", "matchCriteriaId": "A2FDACC8-7BFD-477E-A79A-C933CB5C8EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta6:*:*:*:*:*:*", "matchCriteriaId": "9139F742-A946-4D2F-9C14-95216C06ED4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta7:*:*:*:*:*:*", "matchCriteriaId": "0DBCDA70-BB1B-4408-A2F3-ADB7A7B77A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta8:*:*:*:*:*:*", "matchCriteriaId": "AA4D368C-C167-4CF3-9013-FFC297D1D977", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta9:*:*:*:*:*:*", "matchCriteriaId": 
"D3571DD2-5200-48AE-83C9-B1DFF3A1FEAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "782DFA55-BB92-41CD-A4DF-D986C387EB8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "2601CCF9-3A89-4EEF-9941-894AEAF89F23", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "F3A7C96C-8FBB-42B4-937E-3321C939CC87", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.10:beta1:*:*:*:*:*:*", "matchCriteriaId": "BFE11FC5-8A49-434E-B828-AE7C011B03CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "265EC12C-6239-4367-9769-73AC999556F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "94084356-D39B-41B2-AC24-0ADAD0BF5988", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:beta1:*:*:*:*:*:*", "matchCriteriaId": "6DA772E3-B022-4F5E-8D43-C0BE64F187D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:beta2:*:*:*:*:*:*", "matchCriteriaId": "C6589696-904B-4F7B-84F7-0E8D2F0ACFA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:beta3:*:*:*:*:*:*", "matchCriteriaId": "F5CF8EED-F09B-4AB8-A0F1-1F8DBB5385BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "C3909436-175A-4DC7-956F-C0905DA579FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "086C6335-7872-46A7-AEB1-9BE5AE5A788C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.12:beta1:*:*:*:*:*:*", "matchCriteriaId": "CB0532A8-3F66-49D3-95BF-2E78DB6EC471", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "FED11C9F-4E2D-4364-AEEC-43E61531BA9B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FF8233B1-04A0-4E25-97EE-CF466B48A12E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "FA714E7E-05EF-4598-9324-887BC66C675E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "C5CF3B73-D3B9-4D76-B411-C837BCE0806E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "CEC7C52B-0D8D-4509-B9B5-B12E54EA3A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "AB0514ED-C8F8-4F15-A40F-04D643F3DB60", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "D77DCDC0-29DD-4BC8-BE30-3A348963F821", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "D1752D91-3468-4E22-B60F-6789B3CBD7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "F433AA7E-A780-4D45-AD1A-5A4CE1F3FCD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.17:rc1:*:*:*:*:*:*", "matchCriteriaId": "C4338C87-B3CB-4CA7-BFAA-ADA1D919F203", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "93E210A7-489B-4EA7-A840-599523157DD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "B37565FA-72F5-4063-8D7A-97BC269F020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "434AED09-680D-43BC-B9CA-E78028035CDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "009AF32A-19B9-4E56-B5D2-2D19082EF102", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "2643AA61-AB01-4252-8E50-81D5C74F8707", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "02552E07-D9C8-4DF8-AD63-B3A7B5C2C2DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "BC8FA821-818E-4BC7-834B-94EB5C042390", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "F3FBF3D3-95A6-4869-8A69-F0E5ECA40220", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.21:rc1:*:*:*:*:*:*", "matchCriteriaId": "425B207B-D11B-468B-A2C6-BDF276AE4264", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.21:rc2:*:*:*:*:*:*", "matchCriteriaId": "F8B0055B-D0F1-4D8C-AE96-06315FFCC602", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "D07785D0-E995-4208-AB8C-43B320D291F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.22:rc1:*:*:*:*:*:*", "matchCriteriaId": "A42AC8B9-BEB2-4495-8A42-2AEDB29A3DA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "152DDD6E-CF56-4E1C-BE4D-C7BC0FD9B08C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:rc1:*:*:*:*:*:*", "matchCriteriaId": "76C2D14E-FD1C-430A-AC08-D61F997D8BA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C036011A-9AE1-423C-8B73-188B9BA20FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "F008946C-43E9-4ECD-AE9F-486A4686AE87", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "6A4D6BB0-8E1A-49A4-BBC9-CBFA252C92A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "CFE1DB59-0A60-432B-9D88-906C4FE6D6B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": 
"C111BDD4-2A52-4FB7-8D21-6049A10BCDA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "6B33807C-8E7B-4A04-BE92-59C1B845AD42", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1614466-8EAC-4404-A674-EFFE0FFFBDC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "663C6EE5-5B5E-4C0F-9E7F-D0E1DA9AF9EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "FF2D5068-5BF3-425C-8B1A-E12E3D3CD8F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:beta2:*:*:*:*:*:*", "matchCriteriaId": "BF4F7833-4F88-4C54-AEC7-3C4FB797AE38", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:beta3:*:*:*:*:*:*", "matchCriteriaId": "F2A973ED-CA5B-4A18-ACAB-1542E3866896", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:beta4:*:*:*:*:*:*", "matchCriteriaId": "FA737702-6335-42F9-99B9-856D531B70F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "8EAD9719-2736-40AE-BBEB-8BA627E8DF7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "62693E5F-2EF6-49B5-9946-42CE61F4ACFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "8051459E-94D3-4D4A-9D40-CC9475DDB00C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:beta1:*:*:*:*:*:*", "matchCriteriaId": "65ACA253-BDE7-4CAE-8F74-71EBA4728358", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:beta2:*:*:*:*:*:*", "matchCriteriaId": "9C776F58-A76E-4ED3-825B-52ADFB38D0E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:beta3:*:*:*:*:*:*", "matchCriteriaId": "FF62B46E-37C4-426A-8854-E961BEB543E4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.2:beta4:*:*:*:*:*:*", "matchCriteriaId": "C5EDDB54-70C6-41D0-AC5C-C10F8D107964", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:beta5:*:*:*:*:*:*", "matchCriteriaId": "CAEAB037-F146-444F-A867-D08BD48DA6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:beta6:*:*:*:*:*:*", "matchCriteriaId": "4962A86F-C9F5-4F03-AFCD-D2E6FD08BD06", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "47CF2A43-2D15-4D70-A424-C12053D1A6A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "42056C63-69A7-43CF-828C-0C3E365702D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "C6577A0A-B689-424E-BAAE-BD5DF2615311", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:rc6:*:*:*:*:*:*", "matchCriteriaId": "511E1319-C882-4761-ACD5-84617B78578E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A3E3BF3-4376-4692-A515-A7B6593F28F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E83B68F-B0E2-4C37-A711-1714652AB961", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta2:*:*:*:*:*:*", "matchCriteriaId": "4F17A4B7-99C2-407A-9536-4B54EDC02899", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta3:*:*:*:*:*:*", "matchCriteriaId": "F854F244-78C9-46C6-8862-1DA58912FCE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta4:*:*:*:*:*:*", "matchCriteriaId": "9A4C883A-A2A3-4D5F-8114-CE9220FFF7B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta5:*:*:*:*:*:*", "matchCriteriaId": "3544F0FF-3EEE-4902-B412-EB57D6AE7A4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta6:*:*:*:*:*:*", "matchCriteriaId": 
"5F428FF4-21A8-4605-AFCD-E78F43E46AE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta7:*:*:*:*:*:*", "matchCriteriaId": "7132AA21-DC2F-4493-9BCC-27E3D8F075AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "B65F8362-934F-452D-8E86-0DB2E3C7B43D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "934D0AB5-62FB-4EC1-971A-A1BA8EEAD008", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "5891F237-D1DB-4CCE-8A8B-D10E7EDCB926", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "AB6AF9D5-CE60-4FC9-91AB-E243F0D429E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:beta1:*:*:*:*:*:*", "matchCriteriaId": "E114E18D-2882-4843-9356-279C69ABCBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:beta2:*:*:*:*:*:*", "matchCriteriaId": "5E271694-B8C8-4BCF-8B4A-0425BA50EF6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:beta3:*:*:*:*:*:*", "matchCriteriaId": "E36CC085-34FF-4B84-8628-74BEEC686C88", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:beta4:*:*:*:*:*:*", "matchCriteriaId": "06793BE6-3370-4FCB-A400-C6AF95D1E66D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "DE742D36-3A33-4316-8326-FA2F1B228E83", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "25D0C5E1-4D8D-42EE-8C94-12D442181DCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "3326F984-8312-4E7F-A269-0A06FAC8BE25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:rc5:*:*:*:*:*:*", "matchCriteriaId": "290CF6FC-3BD6-4974-9DEC-188B79DC816A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "7F848FA5-9682-454F-A9DE-671C4401F15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:beta1:*:*:*:*:*:*", "matchCriteriaId": "782ABB64-C2F2-4326-A69F-75E514055C38", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "0EF9CEE2-8DB6-480F-970C-E19FEF31D0A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "28C13A65-C0D6-4904-8C92-E5233D7E5CC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "C4B83678-98A1-440E-950C-4A27995C7294", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:beta1:*:*:*:*:*:*", "matchCriteriaId": "38993FC7-12DD-4D75-8EC6-719C0AD66191", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:beta2:*:*:*:*:*:*", "matchCriteriaId": "0CAF82B9-020B-48FD-BE3D-70B8A7A8CDA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "C43481DF-59C5-4E9B-8CB9-49E4873B7263", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "FB9EEE31-479A-4370-BF00-C26C1AF502B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta1:*:*:*:*:*:*", "matchCriteriaId": "BFFC71CB-0B01-4A34-85B8-8A27C1E7D451", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta2:*:*:*:*:*:*", "matchCriteriaId": "EC53C1C7-ED9C-44C2-B446-0426E4C92D16", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta3:*:*:*:*:*:*", "matchCriteriaId": "B996835E-97DB-47B1-80B9-BE757680CAFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta4:*:*:*:*:*:*", "matchCriteriaId": "AC7256E6-502A-47A5-A692-90162AA40AAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta5:*:*:*:*:*:*", "matchCriteriaId": 
"53E7BDBC-5BF8-4BA3-959D-1D16ACD558D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta6:*:*:*:*:*:*", "matchCriteriaId": "79B6B4A0-9B7E-4835-9F82-2B1D1AF955AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "27BBC74C-51A3-48BB-B867-3A5F58AD8B4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "3DEDAB32-9D5C-4F12-B9E4-ABEA615DC11B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "C3DA5585-140C-4F27-8654-BCFCB12659B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:rc4:*:*:*:*:*:*", "matchCriteriaId": "AA8F6085-9769-44DE-8E43-FAB7C7791A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:rc5:*:*:*:*:*:*", "matchCriteriaId": "5A4D700F-AA36-4A5B-8BD3-3BD9A452D743", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "95EABD7D-1F18-4FA5-BAA9-F8D69129E531", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.16:beta1:*:*:*:*:*:*", "matchCriteriaId": "D6045135-54AF-4B83-9279-47BB1DB67172", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.16:beta2:*:*:*:*:*:*", "matchCriteriaId": "DBB7D1F1-7959-4459-827C-90B193F58269", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "62A6F2F0-E088-458F-813F-5B45EA01B77F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "65B836CA-3740-48B0-966B-21E65EF3D636", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:beta1:*:*:*:*:*:*", "matchCriteriaId": "96308F2E-E2DE-4C0F-B0A6-7FDFFF67A0A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:beta2:*:*:*:*:*:*", "matchCriteriaId": "7A21785C-989F-4E72-932B-E77892EF492A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.17:rc1:*:*:*:*:*:*", "matchCriteriaId": "0D832C4A-0793-4B64-944D-086CF614CAEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:rc2:*:*:*:*:*:*", "matchCriteriaId": "7C8E2232-7077-4CE4-9141-80F2F744F0B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:rc3:*:*:*:*:*:*", "matchCriteriaId": "38CDA418-F580-4625-9D84-F01EA5D0FC5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:rc4:*:*:*:*:*:*", "matchCriteriaId": "D0FB8DC5-ABD5-41BE-99EC-E610504D6F50", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "3988FA1B-18D9-46AA-87BA-A6B01D4F4B25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "51A46409-7AC6-45DB-B92D-29988C445BC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta1:*:*:*:*:*:*", "matchCriteriaId": "53B41406-956A-48C9-9CDA-D7257D19E6F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta10:*:*:*:*:*:*", "matchCriteriaId": "B100CFD4-788C-44BF-A55D-225F72314A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta11:*:*:*:*:*:*", "matchCriteriaId": "7B6BFCBC-F3E9-4CDD-833F-01D51594B0F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta12:*:*:*:*:*:*", "matchCriteriaId": "589DC20E-E642-4BC7-83CD-01323D7F6236", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta13:*:*:*:*:*:*", "matchCriteriaId": "6A9B81C1-EAF8-44B6-A4FD-2568FFBB6FEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta14:*:*:*:*:*:*", "matchCriteriaId": "22EBF19B-7E53-4627-AE87-6B7C4ACD88F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta15:*:*:*:*:*:*", "matchCriteriaId": "43744C82-D271-4BF3-9AD8-A48C1B5BA33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta16:*:*:*:*:*:*", "matchCriteriaId": 
"FD68995C-816C-4E25-B8B3-0BC808490D73", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta17:*:*:*:*:*:*", "matchCriteriaId": "6EDC3AE7-569F-4016-B35E-E8B8B3456959", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta18:*:*:*:*:*:*", "matchCriteriaId": "17068432-BFE0-4BE1-A86B-7D6562D18103", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta19:*:*:*:*:*:*", "matchCriteriaId": "A0F0F2AF-748A-411A-8B95-45A04800FF72", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta2:*:*:*:*:*:*", "matchCriteriaId": "945C0B80-E562-4495-849E-23EE406D2EA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta20:*:*:*:*:*:*", "matchCriteriaId": "5E91B287-CDFC-4791-95D5-54AC847877D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta21:*:*:*:*:*:*", "matchCriteriaId": "1F09C15E-E20C-473D-AF13-5509669DA8FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta22:*:*:*:*:*:*", "matchCriteriaId": "36FD7096-C215-4CCA-B0BE-244E9708E947", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta23:*:*:*:*:*:*", "matchCriteriaId": "4AC8DAFE-64A5-47C6-BE99-093E744181B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta24:*:*:*:*:*:*", "matchCriteriaId": "C075C36D-D191-4165-A2A8-A8BA6AD93862", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta25:*:*:*:*:*:*", "matchCriteriaId": "F7E9A4DE-C0B7-4951-97D2-26EFFE065A5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta26:*:*:*:*:*:*", "matchCriteriaId": "6B9FC583-AA79-4ED1-924B-DE58FBB88385", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta27:*:*:*:*:*:*", "matchCriteriaId": "727FA534-FB49-4784-A56E-D709071FFEE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta28:*:*:*:*:*:*", "matchCriteriaId": "17628553-688B-4574-9B2A-035937225DD5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.19:beta29:*:*:*:*:*:*", "matchCriteriaId": "E96F2F5A-A881-4EDC-965F-43984EA06151", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta3:*:*:*:*:*:*", "matchCriteriaId": "26E9442B-FCA7-42A3-9E73-343D9FF11985", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta30:*:*:*:*:*:*", "matchCriteriaId": "1EB24053-49FC-488C-8DC4-12F5A485EC39", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta31:*:*:*:*:*:*", "matchCriteriaId": "653700ED-B2E3-4DD1-99A1-ED0B4504E628", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta32:*:*:*:*:*:*", "matchCriteriaId": "2C9B4D07-8B90-4932-8A37-D204995E85E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta33:*:*:*:*:*:*", "matchCriteriaId": "D9F43544-D08D-4733-AE0D-A6C5742275D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta4:*:*:*:*:*:*", "matchCriteriaId": "101240B5-FAC7-4D47-9C4A-840D06E082EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta5:*:*:*:*:*:*", "matchCriteriaId": "608088FF-8EED-4F05-96EA-0E23F669C078", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta6:*:*:*:*:*:*", "matchCriteriaId": "82401AB8-5432-4D75-ADC2-A310132EB9C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta7:*:*:*:*:*:*", "matchCriteriaId": "CECEDABC-F229-43F7-9795-9E87198424D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta8:*:*:*:*:*:*", "matchCriteriaId": "712E5798-A0FC-44E7-972A-D2EF66F5C793", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta9:*:*:*:*:*:*", "matchCriteriaId": "82690AE3-BFFA-4616-AE30-35A6D21DFC1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "4D0082F7-DDD3-4266-B604-D1E2958ABAE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"00A32AD4-38C7-41BE-8042-9BCED336AA42", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "BC96DBDE-15A7-4C63-8C71-AA5CD158E306", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "834A6D33-2334-4361-92CE-8AECAF3614CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "AFC3A80A-4C35-419F-B576-40A3FAD37723", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "D0FCC174-9216-433D-A5CB-A7C275DD9D94", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "09E2B608-6C70-446F-A3A7-369048D99855", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:beta01:*:*:*:*:*:*", "matchCriteriaId": "01EF52B3-BAD3-4E0C-B19C-3465A036B025", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:beta02:*:*:*:*:*:*", "matchCriteriaId": "1685F3BF-635D-43DD-855D-7666D807AE3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:beta03:*:*:*:*:*:*", "matchCriteriaId": "BAA8FF97-98D2-425F-935C-36951DFEE029", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:beta04:*:*:*:*:*:*", "matchCriteriaId": "1CEE9078-6B9F-4BA1-A6BE-25743B02FE25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:rc1:*:*:*:*:*:*", "matchCriteriaId": "BE1A8933-9958-458B-A511-D018B7CA7D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:rc2:*:*:*:*:*:*", "matchCriteriaId": "100BF4B6-2A63-416A-B19F-722A9B44F126", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:rc3:*:*:*:*:*:*", "matchCriteriaId": "4DD8FB59-2260-4343-B4D6-279ED7D7D5E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:rc4:*:*:*:*:*:*", "matchCriteriaId": "FDDCE2DE-94B7-460D-8BBB-26ACA4847807", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.20:rc5:*:*:*:*:*:*", "matchCriteriaId": "A812C450-8E1F-4667-99EC-7237E1E319E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:rc6:*:*:*:*:*:*", "matchCriteriaId": "AD94AB7F-B7CF-42B0-AB71-23F42F3F1067", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "5AA00AE0-F447-4361-AA37-0C98BDE491E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:beta1:*:*:*:*:*:*", "matchCriteriaId": "28F79E9F-4AA1-451A-8819-CAF21DB2C990", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:beta2:*:*:*:*:*:*", "matchCriteriaId": "7E1C14E8-5644-4B5F-8894-092187B1EE28", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:rc1:*:*:*:*:*:*", "matchCriteriaId": "77C9B755-140B-4DBF-8BF1-80431C0F9A54", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:rc2:*:*:*:*:*:*", "matchCriteriaId": "599CE5F2-5D31-4A9D-86A0-9CFD3A34B193", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:rc3:*:*:*:*:*:*", "matchCriteriaId": "5460DA6B-6F81-4B8C-9D8F-DB946E3F33EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "21DACE94-FBDC-4A3D-8DD6-E62D18F5EE7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta1:*:*:*:*:*:*", "matchCriteriaId": "45E92521-FE62-4940-B194-A8482538401B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta2:*:*:*:*:*:*", "matchCriteriaId": "6DF7D5B4-A8BD-4F3B-8DB3-D5AB94086A32", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta2-1.2.21:*:*:*:*:*:*", "matchCriteriaId": "B0A244FC-545E-4041-B922-B1B640E7E371", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta3:*:*:*:*:*:*", "matchCriteriaId": "40F8973E-8150-4834-8D9B-370F3664E894", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta3-1.2.21:*:*:*:*:*:*", "matchCriteriaId": 
"B9C93F2F-533D-4563-95F2-E94A2CCE9C39", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta4:*:*:*:*:*:*", "matchCriteriaId": "73045C50-73FE-4162-8E8B-7721131E4396", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta4-1.2.21:*:*:*:*:*:*", "matchCriteriaId": "C89DFAAD-279A-462D-BF72-D75CC24E72E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:rc1:*:*:*:*:*:*", "matchCriteriaId": "1879D7C8-ABF1-4ECE-BBC7-71978695D4C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:rc1-1.2.21:*:*:*:*:*:*", "matchCriteriaId": "1B27B3A2-04E1-4261-AA70-30EE2AA934F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*", "matchCriteriaId": "220A02AF-6ADA-4B75-BC81-40B2D847029A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta01:*:*:*:*:*:*", "matchCriteriaId": "CA60D3F3-149B-4A76-9F35-4A0A127ADF65", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta01-1.2.22:*:*:*:*:*:*", "matchCriteriaId": "EAC54968-17ED-422E-9C78-65E4E167C76C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta02:*:*:*:*:*:*", "matchCriteriaId": "3D625A71-5F2D-446A-BD69-1470B4127DAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta02-1.2.22:*:*:*:*:*:*", "matchCriteriaId": "896E65A3-D814-4C58-8BD8-B10A2C812FC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta03:*:*:*:*:*:*", "matchCriteriaId": "00C85EF8-8D8A-4ED8-B55B-2182421626CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta03-1.2.22:*:*:*:*:*:*", "matchCriteriaId": "E07CE422-8047-4248-A36C-11E22A889D3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta04:*:*:*:*:*:*", "matchCriteriaId": "6D65DCF8-D9A6-4A9E-8171-C52E12EB1476", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta04-1.2.22:*:*:*:*:*:*", "matchCriteriaId": "65BEA559-944B-4E32-9F74-323CE7EA4FA3", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta05:*:*:*:*:*:*", "matchCriteriaId": "C5114A9B-263F-4BBF-9A6A-F6E0900CDD78", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta05-1.2.22:*:*:*:*:*:*", "matchCriteriaId": "61EEC899-A9DC-44E4-8984-88DCBF733B6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:rc01:*:*:*:*:*:*", "matchCriteriaId": "4CD12B3A-27B6-4BD4-90B5-874B677689FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:rc01-1.2.22:*:*:*:*:*:*", "matchCriteriaId": "F22010B9-E18B-45DB-9316-8F56A535D1BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "ECEB8F61-195E-41DE-90CE-22854055E9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:beta01:*:*:*:*:*:*", "matchCriteriaId": "27988956-B3F4-428A-B369-C5E01A2F9102", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:beta01-1.2.23:*:*:*:*:*:*", "matchCriteriaId": "84979A32-27E2-4A77-8245-47C6E61CE439", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:beta02:*:*:*:*:*:*", "matchCriteriaId": "B4D45B16-C278-4ABF-8B91-CFA0AB384290", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:beta02-1.2.23:*:*:*:*:*:*", "matchCriteriaId": "118582C6-A677-4FFB-9782-17BD35EE1973", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:beta03:*:*:*:*:*:*", "matchCriteriaId": "247153A0-CF83-4D6E-A657-5D8D217D8EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:beta03-1.2.23:*:*:*:*:*:*", "matchCriteriaId": "6F43AC37-27DE-4A6D-A8FE-138B4DA8E4BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:rc01:*:*:*:*:*:*", "matchCriteriaId": "53D03C1D-684A-4BA5-841B-C414AD244DFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:rc01-1.2.23:*:*:*:*:*:*", "matchCriteriaId": "D0DBDAB9-0F52-4A84-B262-F23E869D30CE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*", "matchCriteriaId": "D0F72B91-1F7F-41EB-ABC8-1B50AFEC70EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta01:*:*:*:*:*:*", "matchCriteriaId": "9F89EDB5-A195-479B-BEFB-E0A186A4A9D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta02:*:*:*:*:*:*", "matchCriteriaId": "02BAC6A6-FBE9-48CD-9B4E-FC570684922B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta03:*:*:*:*:*:*", "matchCriteriaId": "E695F515-AE7E-48AB-999C-75B62BEA0BE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta04:*:*:*:*:*:*", "matchCriteriaId": "D448D4A5-D827-4FF8-BAC1-E25FD8F01C41", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta05:*:*:*:*:*:*", "matchCriteriaId": "935F2297-6CB4-4ABB-9F4D-F11708CDC069", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta06:*:*:*:*:*:*", "matchCriteriaId": "25ED23F7-DF30-46B2-99EF-3924E22C1870", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:rc01:*:*:*:*:*:*", "matchCriteriaId": "6FB56358-46E4-4999-A311-5E1819A6D5DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:rc02:*:*:*:*:*:*", "matchCriteriaId": "F508CFA5-5602-445C-9E18-71B6A625F9E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "111091B9-CBAE-4FC7-8B97-7D2345BFCB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:beta01:*:*:*:*:*:*", "matchCriteriaId": "897D42F6-202B-425A-BF0D-76D1A74D8E67", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:beta02:*:*:*:*:*:*", "matchCriteriaId": "50300181-3691-4EA2-B779-1C9CF59E08FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:beta03:*:*:*:*:*:*", "matchCriteriaId": "CABA31D9-9EC0-4447-9C5E-8BC5DF5F431D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:beta04:*:*:*:*:*:*", "matchCriteriaId": 
"D4568552-91F6-4E05-ADA5-4127CBD4D3EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:beta05:*:*:*:*:*:*", "matchCriteriaId": "D72D51C0-1044-4A74-823F-7123340FB9BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:rc01:*:*:*:*:*:*", "matchCriteriaId": "947395DE-A911-47B3-983D-B5D23672068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "1CAA1090-C1C7-43A2-BD44-065572D226B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*", "matchCriteriaId": "2FD92305-91BF-4984-A029-8FA83CBF1A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*", "matchCriteriaId": "31EE280F-D76D-478B-ADD6-D5F2C7574A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*", "matchCriteriaId": "747314F7-A515-41FF-8095-62A9F05F0DEA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via \"out-of-bounds pixels\" in the file." }, { "lang": "es", "value": "libpng anteriores a v1.2.37 no parsea adecuadamente 1-bit de im\u00e1genes entrelazadas con valores de ancho que no son divisibles por 8, lo que produce que libpng incluya bits sin inicializar en ciertas filas del fichero PNG lo que permitir\u00eda atacantes remotos leer trozos de memoria sensible a trav\u00e9s de \"pixeles fuera de rango\" en el fichero." 
} ], "id": "CVE-2009-2042", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-06-12T20:30:00.203", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35346" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35470" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35524" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35594" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/39206" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/39215" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/39251" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200906-01.xml" }, { "source": "cve@mitre.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.551809" }, { "source": "cve@mitre.org", "url": 
"http://support.apple.com/kb/HT4077" }, { "source": "cve@mitre.org", "url": "http://ubuntu.com/usn/usn-913-1" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2032" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35233" }, { "source": "cve@mitre.org", "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1510" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/0637" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/0682" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/0847" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50966" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00218.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00630.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], 
"url": "http://secunia.com/advisories/35346" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35524" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35594" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39206" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39215" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39251" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200906-01.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.551809" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ubuntu.com/usn/usn-913-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35233" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1510" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.vupen.com/english/advisories/2010/0637" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0682" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00218.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00630.html" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "This issue has been addressed in Red Hat Enterprise Linux 3, 4, and 5 via https://rhn.redhat.com/errata/RHSA-2010-0534.html.", "lastModified": "2010-07-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-08-24 16:15
Modified
2024-11-21 06:37
Severity: MEDIUM (CVSS 3.1 base score 5.5, CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, source nvd@nist.gov)
Summary
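A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. (The NVD CVSS 3.1 vector in the record below is AV:L/UI:R: the attack is scored as local and requires a user to run pngimage on the crafted file.)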
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2021-4214 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2043393 | Exploit, Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://github.com/glennrp/libpng/issues/302 | Exploit, Third Party Advisory | |
secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2021-4214 | Third Party Advisory | |
secalert@redhat.com | https://security.netapp.com/advisory/ntap-20221020-0001/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2021-4214 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2043393 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/glennrp/libpng/issues/302 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2021-4214 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20221020-0001/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | 1.6.0 | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 | |
netapp | ontap_select_deploy_administration_utility | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.6.0:-:*:*:*:*:*:*", "matchCriteriaId": "42882881-6827-4123-B217-FC9B4C36702A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A heap overflow flaw was found in libpngs\u0027 pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service." }, { "lang": "es", "value": "Se ha encontrado un fallo de desbordamiento de la pila en el programa pngimage.c de libpngs. Este fallo permite a un atacante con acceso a la red local pasar un archivo PNG especialmente dise\u00f1ado a la utilidad pngimage, causando un fallo en la aplicaci\u00f3n, conllevando a una denegaci\u00f3n de servicio." 
} ], "id": "CVE-2021-4214", "lastModified": "2024-11-21T06:37:10.063", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-08-24T16:15:10.037", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2021-4214" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043393" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/glennrp/libpng/issues/302" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-4214" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20221020-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2021-4214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043393" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/glennrp/libpng/issues/302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-4214" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20221020-0001/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "secalert@redhat.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd (CVE-2019-7317)
Published
2019-02-04 08:29
Modified
2024-11-21 04:48
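Severity: MEDIUM — CVSS 3.1 base score 5.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H); CVSS 2.0 base score 2.6, LOW (AV:N/AC:H/Au:N/C:N/I:N/A:P). Source: nvd@nist.gov.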
Summary
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html | Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securityfocus.com/bid/108098 | Not Applicable, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:1265 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:1267 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:1269 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:1308 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:1309 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:1310 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2494 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2495 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2585 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2590 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2592 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2737 | Third Party Advisory | |
cve@mitre.org | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803 | Issue Tracking, Mailing List, Third Party Advisory | |
cve@mitre.org | https://github.com/glennrp/libpng/issues/275 | Exploit, Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Apr/30 | Issue Tracking, Mailing List, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Apr/36 | Issue Tracking, Mailing List, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/May/56 | Issue Tracking, Mailing List, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/May/59 | Issue Tracking, Mailing List, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/May/67 | Issue Tracking, Mailing List, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201908-02 | Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20190719-0005/ | Third Party Advisory | |
cve@mitre.org | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3962-1/ | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3991-1/ | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3997-1/ | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/4080-1/ | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/4083-1/ | Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2019/dsa-4435 | Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2019/dsa-4448 | Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2019/dsa-4451 | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuApr2021.html | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuoct2021.html | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108098 | Not Applicable, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1265 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1267 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1269 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1308 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1309 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1310 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2494 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2495 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2585 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2590 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2592 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2737 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803 | Issue Tracking, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/glennrp/libpng/issues/275 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Apr/30 | Issue Tracking, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Apr/36 | Issue Tracking, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/May/56 | Issue Tracking, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/May/59 | Issue Tracking, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/May/67 | Issue Tracking, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190719-0005/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3962-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3991-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3997-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4080-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4083-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4435 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4448 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4451 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuApr2021.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | 1.6.0 up to (excluding) 1.6.37 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
canonical | ubuntu_linux | 19.04 | |
oracle | hyperion_infrastructure_technology | 11.2.6.0 | |
oracle | java_se | 7u221 | |
oracle | java_se | 8u212 | |
oracle | jdk | 11.0.3 | |
oracle | jdk | 12.0.1 | |
oracle | mysql | before 8.0.23 | |
hp | xp7_command_view | * | |
hpe | xp7_command_view_advanced_edition_suite | * | |
mozilla | firefox | - | |
mozilla | thunderbird | - | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
opensuse | leap | 42.3 | |
opensuse | package_hub | - | |
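suse | linux_enterprise | 12.0 | platform only: marked `"vulnerable": false` in the configurations below, AND-combined with opensuse package_hub |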
netapp | active_iq_unified_manager | * | |
netapp | active_iq_unified_manager | * | |
netapp | active_iq_unified_manager | 9.6 | |
netapp | active_iq_unified_manager | 9.6 | |
netapp | cloud_backup | - | |
netapp | e-series_santricity_management | - | |
netapp | e-series_santricity_storage_manager | * | |
netapp | e-series_santricity_unified_manager | * | |
netapp | e-series_santricity_web_services | * | |
netapp | oncommand_insight | * | |
netapp | oncommand_workflow_automation | * | |
netapp | plug-in_for_symantec_netbackup | - | |
netapp | snapmanager | * | |
netapp | snapmanager | * | |
netapp | snapmanager | 3.4.2 | |
netapp | snapmanager | 3.4.2 | |
netapp | steelstore | - | |
redhat | satellite | 5.8 | |
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_for_ibm_z_systems | 6.0 | |
redhat | enterprise_linux_for_ibm_z_systems | 7.0 | |
redhat | enterprise_linux_for_ibm_z_systems | 8.0 | |
redhat | enterprise_linux_for_power_big_endian | 6.0 | |
redhat | enterprise_linux_for_power_big_endian | 7.0 | |
redhat | enterprise_linux_for_power_little_endian | 7.0 | |
redhat | enterprise_linux_for_power_little_endian | 8.0 | |
redhat | enterprise_linux_for_scientific_computing | 6.0 | |
redhat | enterprise_linux_for_scientific_computing | 7.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
redhat | enterprise_linux_workstation | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "078AA00A-515F-493E-A53E-FE1937FA8018", "versionEndExcluding": "1.6.37", "versionStartIncluding": "1.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*", "matchCriteriaId": "712507AC-DAB8-4FFE-9426-08282919411F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C21D62F-F3DD-4E9E-B644-07CCC49F3D53", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*", "matchCriteriaId": "3999BDC1-BA77-4DBE-8041-D993BA9FF04D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*", "matchCriteriaId": "C2B2677D-6B48-45A2-8567-AB6DB9FF1B45", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EAF3DD5E-1A96-4285-84BA-EB5E31EF2516", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "32318CC6-B8C4-4429-BB8B-134DC202A27E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "0185E85D-2C64-4D77-BC1D-A20165D5078E", "versionEndExcluding": "8.0.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*", "matchCriteriaId": "6B07BDE2-FE50-4C0E-9C73-6AA6C1D6C060", "versionEndExcluding": "8.7.0-00", "vulnerable": true }, { "criteria": "cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE33C1F1-DED8-424C-8942-E1A48A9EBA05", "versionEndExcluding": "8.7.0-00", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*", "matchCriteriaId": "97D4FFCF-5309-43B6-9FD5-680C6D535A7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF583CDC-DE9E-45AB-9861-CB203BFA8862", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B8B0B75-0DF2-4B5C-BC81-2F8E172AEE4E", "vulnerable": true } ], "negate": false, "operator": 
"OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBC8B78D-1131-4F21-919D-8AC79A410FB9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "60429DC5-C403-41D1-9DDF-30782D012DF6", "versionEndExcluding": "9.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "95571D2E-5C83-484C-A44F-AC36972C67D1", "versionEndExcluding": "9.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3AF659DD-C4AE-4DDC-B50B-327A717EFC74", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*", "matchCriteriaId": "40E21C6E-AEDF-43E8-AA80-629C77D24DF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vcenter:*:*", "matchCriteriaId": "BADA4949-F766-4092-A6BC-1B85B5FB60FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FC01AF8-4A4B-4FC4-B07F-1193FEFF5A47", "versionEndExcluding": "11.53", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8557ED41-5B30-47C8-A556-6C1F6E8E227B", "versionEndExcluding": "3.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "C7E42333-853D-4938-90EB-2A6653476357", "versionEndExcluding": "4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*", 
"matchCriteriaId": "82DC1F62-0DA2-4BB8-9AFE-4BC4366205F5", "versionEndExcluding": "7.3.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*", "matchCriteriaId": "2798786F-A818-4C52-BC20-0A69DB49D16A", "versionEndExcluding": "5.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*", "matchCriteriaId": "41436638-0B88-4823-8208-81C01F2CA6A6", "versionEndExcluding": "3.4.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*", "matchCriteriaId": "910F5303-1F70-44E3-A951-567447BC46FF", "versionEndExcluding": "3.4.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*", "matchCriteriaId": "1925AC26-45D4-46D5-ACDD-91E5A90977B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*", "matchCriteriaId": "9DC6435A-8369-4D18-A6EE-84E73D6AA84D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DF5449D-22D2-48B4-8F50-57B43DCB15B9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5291B60-AB52-4830-8E1A-8048A471902C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "566507B6-AC95-47F7-A3FB-C6F414E45F51", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "25C8B513-76C1-4184-A253-CB32F04A05BE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "634C23AC-AC9C-43F4-BED8-1C720816D5E3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": 
true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute." }, { "lang": "es", "value": "La funci\u00f3n png_image_free en el archivo png.c en libpng versiones 1.6.x anteriores a 1.6.37, presenta un uso de la memoria previamente liberada porque la funci\u00f3n png_image_free_function es llamada bajo png_safe_execute." } ], "id": "CVE-2019-7317", "lastModified": "2024-11-21T04:48:00.033", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-02-04T08:29:00.447", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108098" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1265" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1267" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1269" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1308" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1309" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1310" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2494" }, { "source": "cve@mitre.org", "tags": [ 
"Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2495" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2585" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2590" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2592" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2737" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/glennrp/libpng/issues/275" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Apr/30" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Apr/36" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/May/56" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/May/59" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/May/67" }, { "source": 
"cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201908-02" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190719-0005/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3962-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3991-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3997-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4080-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4083-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4435" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4448" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4451" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1265" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1310" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2494" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2585" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2590" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2592" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2737" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/glennrp/libpng/issues/275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Apr/30" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Apr/36" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/May/56" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/May/59" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/May/67" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201908-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190719-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3962-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3991-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3997-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4080-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4083-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4435" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4448" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4451" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-02-20 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/32418 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/34265 | ||
cve@mitre.org | http://secunia.com/advisories/34320 | ||
cve@mitre.org | http://secunia.com/advisories/34388 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200903-28.xml | ||
cve@mitre.org | http://sourceforge.net/project/shownotes.php?release_id=635463&group_id=5624 | Patch | |
cve@mitre.org | http://sourceforge.net/project/shownotes.php?release_id=635837 | Patch | |
cve@mitre.org | http://wiki.rpath.com/Advisories:rPSA-2009-0046 | ||
cve@mitre.org | http://www.debian.org/security/2009/dsa-1750 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2010:133 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/501767/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/31920 | ||
cve@mitre.org | http://www.securitytracker.com/id?1021104 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/2917 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2010/1837 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/46115 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32418 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34265 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34320 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34388 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200903-28.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/project/shownotes.php?release_id=635463&group_id=5624 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/project/shownotes.php?release_id=635837 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2009-0046 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1750 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:133 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/501767/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/31920 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021104 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2917 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1837 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/46115 |
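Impacted products
Rows that repeat a version number are distinct CPE entries. The table omits the pre-release qualifier (beta/rc) that the `criteria` strings in the JSON record below carry, so compare an installed build against those strings rather than the bare version number.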
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.4 | |
libpng | libpng | 1.2.4 | |
libpng | libpng | 1.2.4 | |
libpng | libpng | 1.2.4 | |
libpng | libpng | 1.2.4 | |
libpng | libpng | 1.2.5 | |
libpng | libpng | 1.2.5 | |
libpng | libpng | 1.2.5 | |
libpng | libpng | 1.2.5 | |
libpng | libpng | 1.2.5 | |
libpng | libpng | 1.2.5 | |
libpng | libpng | 1.2.5 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.7 | |
libpng | libpng | 1.2.7 | |
libpng | libpng | 1.2.7 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.16 | |
libpng | libpng | 1.2.16 | |
libpng | libpng | 1.2.16 | |
libpng | libpng | 1.2.16 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.18 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.27 | |
libpng | libpng | 1.2.28 | |
libpng | libpng | 1.2.29 | |
libpng | libpng | 1.2.30 | |
libpng | libpng | 1.2.31 | |
libpng | libpng | 1.2.32 | |
libpng | libpng | 1.2.33 | |
libpng | libpng | 1.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C036011A-9AE1-423C-8B73-188B9BA20FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "F008946C-43E9-4ECD-AE9F-486A4686AE87", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "6A4D6BB0-8E1A-49A4-BBC9-CBFA252C92A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "CFE1DB59-0A60-432B-9D88-906C4FE6D6B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "C111BDD4-2A52-4FB7-8D21-6049A10BCDA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "6B33807C-8E7B-4A04-BE92-59C1B845AD42", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1614466-8EAC-4404-A674-EFFE0FFFBDC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "663C6EE5-5B5E-4C0F-9E7F-D0E1DA9AF9EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "FF2D5068-5BF3-425C-8B1A-E12E3D3CD8F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:beta2:*:*:*:*:*:*", "matchCriteriaId": "BF4F7833-4F88-4C54-AEC7-3C4FB797AE38", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:beta3:*:*:*:*:*:*", "matchCriteriaId": "F2A973ED-CA5B-4A18-ACAB-1542E3866896", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:beta4:*:*:*:*:*:*", "matchCriteriaId": "FA737702-6335-42F9-99B9-856D531B70F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "8EAD9719-2736-40AE-BBEB-8BA627E8DF7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:rc2:*:*:*:*:*:*", 
"matchCriteriaId": "62693E5F-2EF6-49B5-9946-42CE61F4ACFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "8051459E-94D3-4D4A-9D40-CC9475DDB00C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:beta1:*:*:*:*:*:*", "matchCriteriaId": "65ACA253-BDE7-4CAE-8F74-71EBA4728358", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:beta2:*:*:*:*:*:*", "matchCriteriaId": "9C776F58-A76E-4ED3-825B-52ADFB38D0E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:beta3:*:*:*:*:*:*", "matchCriteriaId": "FF62B46E-37C4-426A-8854-E961BEB543E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:beta4:*:*:*:*:*:*", "matchCriteriaId": "C5EDDB54-70C6-41D0-AC5C-C10F8D107964", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:beta5:*:*:*:*:*:*", "matchCriteriaId": "CAEAB037-F146-444F-A867-D08BD48DA6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:beta6:*:*:*:*:*:*", "matchCriteriaId": "4962A86F-C9F5-4F03-AFCD-D2E6FD08BD06", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "47CF2A43-2D15-4D70-A424-C12053D1A6A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "42056C63-69A7-43CF-828C-0C3E365702D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "6AF8999B-86FF-4EC2-8EF3-C7461A6EBF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "F79E13B4-A826-47E9-BE30-E5D9864E8681", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "C6577A0A-B689-424E-BAAE-BD5DF2615311", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:rc4:*:*:*:*:*:*", "matchCriteriaId": "6FA7418E-2F52-4F24-8722-8CA9781943F5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.3:rc5:*:*:*:*:*:*", "matchCriteriaId": "BABFD5AE-95DD-478E-8E55-1541C4EF3D2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:rc6:*:*:*:*:*:*", "matchCriteriaId": "511E1319-C882-4761-ACD5-84617B78578E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "5B6A39A3-7F86-4DC3-B248-859630AFB9A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.4:beta1:*:*:*:*:*:*", "matchCriteriaId": "27A6EDED-CB33-4C80-B9C0-9774CC1455B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.4:beta2:*:*:*:*:*:*", "matchCriteriaId": "0CB4A1D0-2360-4191-AE7C-0B1B4E0FB34B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.4:beta3:*:*:*:*:*:*", "matchCriteriaId": "2D252442-7A38-4AD7-9CEA-DD5B090726DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "203E0B7E-7ED5-4F89-8E12-BDA590DC7DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "58377AE3-1C13-4C3F-BC55-8336DAEEF97F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "64DCD92E-792F-4A6F-AF83-1B04E3B9F62E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "225CEEB5-1CE9-4818-A299-77516A26F30C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:beta3:*:*:*:*:*:*", "matchCriteriaId": "EC2F9039-5B77-484E-A764-6CEF41F2729E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A4DD7CF-90BD-4DD3-9E1A-7D2F527CAC53", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "6BA5FE79-5C4C-47E5-9DF2-CEF37F139389", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:rc3:*:*:*:*:*:*", "matchCriteriaId": "A434DDF7-A9D4-42AE-8A92-41E45C42B683", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "005C2DA4-D00E-4206-851E-9226D66B5F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:beta1:*:*:*:*:*:*", "matchCriteriaId": "1608ABE4-8EE7-4280-B8E0-D4518BA1D706", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:beta2:*:*:*:*:*:*", "matchCriteriaId": "0AECC80A-1D17-4BFD-92D6-6CFBAF88BEFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:beta3:*:*:*:*:*:*", "matchCriteriaId": "F29E6D8C-3691-4451-AB5F-48574C98A551", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:beta4:*:*:*:*:*:*", "matchCriteriaId": "D8C90D1A-B862-4B43-B5BB-67DE455DFC4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "5C56374A-0D57-4545-B538-20964F392996", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "08722144-6645-4321-8340-6E68DF1AFE99", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "2C30D261-CBE2-4E3A-9ED0-9D2DFB04D465", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:rc4:*:*:*:*:*:*", "matchCriteriaId": "665B34A9-4331-4FC4-BB78-D6EE89827D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:rc5:*:*:*:*:*:*", "matchCriteriaId": "4B9D5E28-E8E0-47F6-8728-18F2DDE0DCCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "97B17602-0D97-469B-A9B1-30AAC8F758F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.7:beta1:*:*:*:*:*:*", "matchCriteriaId": "093976B1-BC7C-4671-B4B1-0FB94D0F699A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.7:beta2:*:*:*:*:*:*", "matchCriteriaId": "C248EEB8-1510-40A4-B37B-E8F9AAE8687C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"857B664A-C6F9-45E3-93EA-C0F53CEF5C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:beta1:*:*:*:*:*:*", "matchCriteriaId": "51C96068-1E81-430D-9C5F-A4273CA0BBEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:beta2:*:*:*:*:*:*", "matchCriteriaId": "243E4DB3-2553-48E9-9DA2-8AF955389EC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:beta3:*:*:*:*:*:*", "matchCriteriaId": "E85CE44F-46D0-46F4-B4AB-271A9BC271EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:beta4:*:*:*:*:*:*", "matchCriteriaId": "2716FBF4-5BDB-4D76-AC79-AB9158DA1241", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:beta5:*:*:*:*:*:*", "matchCriteriaId": "CFD6B80F-7574-4A9F-AC40-7E357EE3F50F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "244D10AC-1C34-4D18-AB06-F9C2C9F564BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "8DBEEA4A-8175-4E06-8346-93541868A6BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "C3CC9D97-1C0F-4A48-9F2A-A74960A84D08", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "A692466A-6258-4D90-B362-9797B03CDB9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:rc5:*:*:*:*:*:*", "matchCriteriaId": "9BE92591-5AD8-47D0-BDDE-350C2BFB5736", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "6DFDA458-74E8-4DEF-B524-A4A8672CB66A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta1:*:*:*:*:*:*", "matchCriteriaId": "B5E6F6A5-0844-4625-8AA4-E1CA8E15C1DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta10:*:*:*:*:*:*", "matchCriteriaId": "786B4160-C9E9-4EDD-83D9-741576FDDF2E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.9:beta2:*:*:*:*:*:*", "matchCriteriaId": "039D87A3-49FA-4C02-B137-42D4407DD4A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta3:*:*:*:*:*:*", "matchCriteriaId": "FEEA0BB0-24E2-4D13-ACD6-BC4DD7878AB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta4:*:*:*:*:*:*", "matchCriteriaId": "D7981F07-C65C-4AA8-8653-786FD6A50BD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta5:*:*:*:*:*:*", "matchCriteriaId": "EE280017-8064-416B-AFA2-3DC8D2B1331B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta6:*:*:*:*:*:*", "matchCriteriaId": "CA584B09-52A3-4D87-8B72-B704069766E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta7:*:*:*:*:*:*", "matchCriteriaId": "A10C7AE8-85C0-4CD1-910B-320FE52AD542", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta8:*:*:*:*:*:*", "matchCriteriaId": "6763A6C3-53E3-41AF-B5DF-4ACDC5371AFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta9:*:*:*:*:*:*", "matchCriteriaId": "1693150F-E485-47D9-A957-C0A8FEFC8844", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F08FBEB-3FA9-4C57-9CD7-717C41F352C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A3E3BF3-4376-4692-A515-A7B6593F28F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E83B68F-B0E2-4C37-A711-1714652AB961", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta2:*:*:*:*:*:*", "matchCriteriaId": "4F17A4B7-99C2-407A-9536-4B54EDC02899", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta3:*:*:*:*:*:*", "matchCriteriaId": "F854F244-78C9-46C6-8862-1DA58912FCE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta4:*:*:*:*:*:*", "matchCriteriaId": 
"9A4C883A-A2A3-4D5F-8114-CE9220FFF7B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta5:*:*:*:*:*:*", "matchCriteriaId": "3544F0FF-3EEE-4902-B412-EB57D6AE7A4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta6:*:*:*:*:*:*", "matchCriteriaId": "5F428FF4-21A8-4605-AFCD-E78F43E46AE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta7:*:*:*:*:*:*", "matchCriteriaId": "7132AA21-DC2F-4493-9BCC-27E3D8F075AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "B65F8362-934F-452D-8E86-0DB2E3C7B43D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "934D0AB5-62FB-4EC1-971A-A1BA8EEAD008", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "5891F237-D1DB-4CCE-8A8B-D10E7EDCB926", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "AB6AF9D5-CE60-4FC9-91AB-E243F0D429E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:beta1:*:*:*:*:*:*", "matchCriteriaId": "E114E18D-2882-4843-9356-279C69ABCBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:beta2:*:*:*:*:*:*", "matchCriteriaId": "5E271694-B8C8-4BCF-8B4A-0425BA50EF6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:beta3:*:*:*:*:*:*", "matchCriteriaId": "E36CC085-34FF-4B84-8628-74BEEC686C88", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:beta4:*:*:*:*:*:*", "matchCriteriaId": "06793BE6-3370-4FCB-A400-C6AF95D1E66D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "DE742D36-3A33-4316-8326-FA2F1B228E83", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "25D0C5E1-4D8D-42EE-8C94-12D442181DCF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "3326F984-8312-4E7F-A269-0A06FAC8BE25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:rc5:*:*:*:*:*:*", "matchCriteriaId": "290CF6FC-3BD6-4974-9DEC-188B79DC816A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "7F848FA5-9682-454F-A9DE-671C4401F15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:beta1:*:*:*:*:*:*", "matchCriteriaId": "782ABB64-C2F2-4326-A69F-75E514055C38", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "0EF9CEE2-8DB6-480F-970C-E19FEF31D0A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "28C13A65-C0D6-4904-8C92-E5233D7E5CC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "C4B83678-98A1-440E-950C-4A27995C7294", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:beta1:*:*:*:*:*:*", "matchCriteriaId": "38993FC7-12DD-4D75-8EC6-719C0AD66191", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:beta2:*:*:*:*:*:*", "matchCriteriaId": "0CAF82B9-020B-48FD-BE3D-70B8A7A8CDA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "C43481DF-59C5-4E9B-8CB9-49E4873B7263", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "FB9EEE31-479A-4370-BF00-C26C1AF502B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta1:*:*:*:*:*:*", "matchCriteriaId": "BFFC71CB-0B01-4A34-85B8-8A27C1E7D451", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta2:*:*:*:*:*:*", "matchCriteriaId": "EC53C1C7-ED9C-44C2-B446-0426E4C92D16", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta3:*:*:*:*:*:*", "matchCriteriaId": "B996835E-97DB-47B1-80B9-BE757680CAFD", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta4:*:*:*:*:*:*", "matchCriteriaId": "AC7256E6-502A-47A5-A692-90162AA40AAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta5:*:*:*:*:*:*", "matchCriteriaId": "53E7BDBC-5BF8-4BA3-959D-1D16ACD558D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta6:*:*:*:*:*:*", "matchCriteriaId": "79B6B4A0-9B7E-4835-9F82-2B1D1AF955AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "27BBC74C-51A3-48BB-B867-3A5F58AD8B4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "3DEDAB32-9D5C-4F12-B9E4-ABEA615DC11B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "C3DA5585-140C-4F27-8654-BCFCB12659B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:rc4:*:*:*:*:*:*", "matchCriteriaId": "AA8F6085-9769-44DE-8E43-FAB7C7791A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:rc5:*:*:*:*:*:*", "matchCriteriaId": "5A4D700F-AA36-4A5B-8BD3-3BD9A452D743", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "95EABD7D-1F18-4FA5-BAA9-F8D69129E531", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.16:beta1:*:*:*:*:*:*", "matchCriteriaId": "D6045135-54AF-4B83-9279-47BB1DB67172", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.16:beta2:*:*:*:*:*:*", "matchCriteriaId": "DBB7D1F1-7959-4459-827C-90B193F58269", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "62A6F2F0-E088-458F-813F-5B45EA01B77F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "65B836CA-3740-48B0-966B-21E65EF3D636", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:beta1:*:*:*:*:*:*", "matchCriteriaId": 
"96308F2E-E2DE-4C0F-B0A6-7FDFFF67A0A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:beta2:*:*:*:*:*:*", "matchCriteriaId": "7A21785C-989F-4E72-932B-E77892EF492A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:rc1:*:*:*:*:*:*", "matchCriteriaId": "0D832C4A-0793-4B64-944D-086CF614CAEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:rc2:*:*:*:*:*:*", "matchCriteriaId": "7C8E2232-7077-4CE4-9141-80F2F744F0B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:rc3:*:*:*:*:*:*", "matchCriteriaId": "38CDA418-F580-4625-9D84-F01EA5D0FC5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:rc4:*:*:*:*:*:*", "matchCriteriaId": "D0FB8DC5-ABD5-41BE-99EC-E610504D6F50", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "3988FA1B-18D9-46AA-87BA-A6B01D4F4B25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "51A46409-7AC6-45DB-B92D-29988C445BC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta1:*:*:*:*:*:*", "matchCriteriaId": "53B41406-956A-48C9-9CDA-D7257D19E6F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta10:*:*:*:*:*:*", "matchCriteriaId": "B100CFD4-788C-44BF-A55D-225F72314A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta11:*:*:*:*:*:*", "matchCriteriaId": "7B6BFCBC-F3E9-4CDD-833F-01D51594B0F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta12:*:*:*:*:*:*", "matchCriteriaId": "589DC20E-E642-4BC7-83CD-01323D7F6236", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta13:*:*:*:*:*:*", "matchCriteriaId": "6A9B81C1-EAF8-44B6-A4FD-2568FFBB6FEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta14:*:*:*:*:*:*", "matchCriteriaId": "22EBF19B-7E53-4627-AE87-6B7C4ACD88F3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.19:beta15:*:*:*:*:*:*", "matchCriteriaId": "43744C82-D271-4BF3-9AD8-A48C1B5BA33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta16:*:*:*:*:*:*", "matchCriteriaId": "FD68995C-816C-4E25-B8B3-0BC808490D73", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta17:*:*:*:*:*:*", "matchCriteriaId": "6EDC3AE7-569F-4016-B35E-E8B8B3456959", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta18:*:*:*:*:*:*", "matchCriteriaId": "17068432-BFE0-4BE1-A86B-7D6562D18103", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta19:*:*:*:*:*:*", "matchCriteriaId": "A0F0F2AF-748A-411A-8B95-45A04800FF72", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta2:*:*:*:*:*:*", "matchCriteriaId": "945C0B80-E562-4495-849E-23EE406D2EA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta20:*:*:*:*:*:*", "matchCriteriaId": "5E91B287-CDFC-4791-95D5-54AC847877D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta21:*:*:*:*:*:*", "matchCriteriaId": "1F09C15E-E20C-473D-AF13-5509669DA8FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta22:*:*:*:*:*:*", "matchCriteriaId": "36FD7096-C215-4CCA-B0BE-244E9708E947", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta23:*:*:*:*:*:*", "matchCriteriaId": "4AC8DAFE-64A5-47C6-BE99-093E744181B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta24:*:*:*:*:*:*", "matchCriteriaId": "C075C36D-D191-4165-A2A8-A8BA6AD93862", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta25:*:*:*:*:*:*", "matchCriteriaId": "F7E9A4DE-C0B7-4951-97D2-26EFFE065A5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta26:*:*:*:*:*:*", "matchCriteriaId": "6B9FC583-AA79-4ED1-924B-DE58FBB88385", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta27:*:*:*:*:*:*", "matchCriteriaId": 
"727FA534-FB49-4784-A56E-D709071FFEE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta28:*:*:*:*:*:*", "matchCriteriaId": "17628553-688B-4574-9B2A-035937225DD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta29:*:*:*:*:*:*", "matchCriteriaId": "E96F2F5A-A881-4EDC-965F-43984EA06151", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta3:*:*:*:*:*:*", "matchCriteriaId": "26E9442B-FCA7-42A3-9E73-343D9FF11985", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta30:*:*:*:*:*:*", "matchCriteriaId": "1EB24053-49FC-488C-8DC4-12F5A485EC39", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta31:*:*:*:*:*:*", "matchCriteriaId": "653700ED-B2E3-4DD1-99A1-ED0B4504E628", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta32:*:*:*:*:*:*", "matchCriteriaId": "2C9B4D07-8B90-4932-8A37-D204995E85E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta33:*:*:*:*:*:*", "matchCriteriaId": "D9F43544-D08D-4733-AE0D-A6C5742275D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta4:*:*:*:*:*:*", "matchCriteriaId": "101240B5-FAC7-4D47-9C4A-840D06E082EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta5:*:*:*:*:*:*", "matchCriteriaId": "608088FF-8EED-4F05-96EA-0E23F669C078", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta6:*:*:*:*:*:*", "matchCriteriaId": "82401AB8-5432-4D75-ADC2-A310132EB9C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta7:*:*:*:*:*:*", "matchCriteriaId": "CECEDABC-F229-43F7-9795-9E87198424D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta8:*:*:*:*:*:*", "matchCriteriaId": "712E5798-A0FC-44E7-972A-D2EF66F5C793", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta9:*:*:*:*:*:*", "matchCriteriaId": "82690AE3-BFFA-4616-AE30-35A6D21DFC1E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "4D0082F7-DDD3-4266-B604-D1E2958ABAE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "00A32AD4-38C7-41BE-8042-9BCED336AA42", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "BC96DBDE-15A7-4C63-8C71-AA5CD158E306", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "834A6D33-2334-4361-92CE-8AECAF3614CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "AFC3A80A-4C35-419F-B576-40A3FAD37723", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "D0FCC174-9216-433D-A5CB-A7C275DD9D94", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "09E2B608-6C70-446F-A3A7-369048D99855", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:beta01:*:*:*:*:*:*", "matchCriteriaId": "01EF52B3-BAD3-4E0C-B19C-3465A036B025", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:beta02:*:*:*:*:*:*", "matchCriteriaId": "1685F3BF-635D-43DD-855D-7666D807AE3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:beta03:*:*:*:*:*:*", "matchCriteriaId": "BAA8FF97-98D2-425F-935C-36951DFEE029", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:beta04:*:*:*:*:*:*", "matchCriteriaId": "1CEE9078-6B9F-4BA1-A6BE-25743B02FE25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:rc1:*:*:*:*:*:*", "matchCriteriaId": "BE1A8933-9958-458B-A511-D018B7CA7D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:rc2:*:*:*:*:*:*", "matchCriteriaId": "100BF4B6-2A63-416A-B19F-722A9B44F126", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:rc3:*:*:*:*:*:*", "matchCriteriaId": 
"4DD8FB59-2260-4343-B4D6-279ED7D7D5E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:rc4:*:*:*:*:*:*", "matchCriteriaId": "FDDCE2DE-94B7-460D-8BBB-26ACA4847807", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:rc5:*:*:*:*:*:*", "matchCriteriaId": "A812C450-8E1F-4667-99EC-7237E1E319E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:rc6:*:*:*:*:*:*", "matchCriteriaId": "AD94AB7F-B7CF-42B0-AB71-23F42F3F1067", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "5AA00AE0-F447-4361-AA37-0C98BDE491E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:beta1:*:*:*:*:*:*", "matchCriteriaId": "28F79E9F-4AA1-451A-8819-CAF21DB2C990", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:beta2:*:*:*:*:*:*", "matchCriteriaId": "7E1C14E8-5644-4B5F-8894-092187B1EE28", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:rc1:*:*:*:*:*:*", "matchCriteriaId": "77C9B755-140B-4DBF-8BF1-80431C0F9A54", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:rc2:*:*:*:*:*:*", "matchCriteriaId": "599CE5F2-5D31-4A9D-86A0-9CFD3A34B193", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:rc3:*:*:*:*:*:*", "matchCriteriaId": "5460DA6B-6F81-4B8C-9D8F-DB946E3F33EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "21DACE94-FBDC-4A3D-8DD6-E62D18F5EE7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta1:*:*:*:*:*:*", "matchCriteriaId": "45E92521-FE62-4940-B194-A8482538401B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta2:*:*:*:*:*:*", "matchCriteriaId": "6DF7D5B4-A8BD-4F3B-8DB3-D5AB94086A32", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta2-1.2.21:*:*:*:*:*:*", "matchCriteriaId": "B0A244FC-545E-4041-B922-B1B640E7E371", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.22:beta3:*:*:*:*:*:*", "matchCriteriaId": "40F8973E-8150-4834-8D9B-370F3664E894", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta3-1.2.21:*:*:*:*:*:*", "matchCriteriaId": "B9C93F2F-533D-4563-95F2-E94A2CCE9C39", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta4:*:*:*:*:*:*", "matchCriteriaId": "73045C50-73FE-4162-8E8B-7721131E4396", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta4-1.2.21:*:*:*:*:*:*", "matchCriteriaId": "C89DFAAD-279A-462D-BF72-D75CC24E72E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:rc1:*:*:*:*:*:*", "matchCriteriaId": "1879D7C8-ABF1-4ECE-BBC7-71978695D4C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:rc1-1.2.21:*:*:*:*:*:*", "matchCriteriaId": "1B27B3A2-04E1-4261-AA70-30EE2AA934F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*", "matchCriteriaId": "220A02AF-6ADA-4B75-BC81-40B2D847029A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta01:*:*:*:*:*:*", "matchCriteriaId": "CA60D3F3-149B-4A76-9F35-4A0A127ADF65", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta01-1.2.22:*:*:*:*:*:*", "matchCriteriaId": "EAC54968-17ED-422E-9C78-65E4E167C76C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta02:*:*:*:*:*:*", "matchCriteriaId": "3D625A71-5F2D-446A-BD69-1470B4127DAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta02-1.2.22:*:*:*:*:*:*", "matchCriteriaId": "896E65A3-D814-4C58-8BD8-B10A2C812FC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta03:*:*:*:*:*:*", "matchCriteriaId": "00C85EF8-8D8A-4ED8-B55B-2182421626CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta03-1.2.22:*:*:*:*:*:*", "matchCriteriaId": "E07CE422-8047-4248-A36C-11E22A889D3D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.23:beta04:*:*:*:*:*:*", "matchCriteriaId": "6D65DCF8-D9A6-4A9E-8171-C52E12EB1476", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta04-1.2.22:*:*:*:*:*:*", "matchCriteriaId": "65BEA559-944B-4E32-9F74-323CE7EA4FA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta05:*:*:*:*:*:*", "matchCriteriaId": "C5114A9B-263F-4BBF-9A6A-F6E0900CDD78", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta05-1.2.22:*:*:*:*:*:*", "matchCriteriaId": "61EEC899-A9DC-44E4-8984-88DCBF733B6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:rc01:*:*:*:*:*:*", "matchCriteriaId": "4CD12B3A-27B6-4BD4-90B5-874B677689FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:rc01-1.2.22:*:*:*:*:*:*", "matchCriteriaId": "F22010B9-E18B-45DB-9316-8F56A535D1BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "ECEB8F61-195E-41DE-90CE-22854055E9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:beta01:*:*:*:*:*:*", "matchCriteriaId": "27988956-B3F4-428A-B369-C5E01A2F9102", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:beta01-1.2.23:*:*:*:*:*:*", "matchCriteriaId": "84979A32-27E2-4A77-8245-47C6E61CE439", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:beta02:*:*:*:*:*:*", "matchCriteriaId": "B4D45B16-C278-4ABF-8B91-CFA0AB384290", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:beta02-1.2.23:*:*:*:*:*:*", "matchCriteriaId": "118582C6-A677-4FFB-9782-17BD35EE1973", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:beta03:*:*:*:*:*:*", "matchCriteriaId": "247153A0-CF83-4D6E-A657-5D8D217D8EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:beta03-1.2.23:*:*:*:*:*:*", "matchCriteriaId": "6F43AC37-27DE-4A6D-A8FE-138B4DA8E4BC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.24:rc01:*:*:*:*:*:*", "matchCriteriaId": "53D03C1D-684A-4BA5-841B-C414AD244DFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:rc01-1.2.23:*:*:*:*:*:*", "matchCriteriaId": "D0DBDAB9-0F52-4A84-B262-F23E869D30CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*", "matchCriteriaId": "D0F72B91-1F7F-41EB-ABC8-1B50AFEC70EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta01:*:*:*:*:*:*", "matchCriteriaId": "9F89EDB5-A195-479B-BEFB-E0A186A4A9D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta02:*:*:*:*:*:*", "matchCriteriaId": "02BAC6A6-FBE9-48CD-9B4E-FC570684922B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta03:*:*:*:*:*:*", "matchCriteriaId": "E695F515-AE7E-48AB-999C-75B62BEA0BE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta04:*:*:*:*:*:*", "matchCriteriaId": "D448D4A5-D827-4FF8-BAC1-E25FD8F01C41", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta05:*:*:*:*:*:*", "matchCriteriaId": "935F2297-6CB4-4ABB-9F4D-F11708CDC069", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta06:*:*:*:*:*:*", "matchCriteriaId": "25ED23F7-DF30-46B2-99EF-3924E22C1870", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:rc01:*:*:*:*:*:*", "matchCriteriaId": "6FB56358-46E4-4999-A311-5E1819A6D5DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:rc02:*:*:*:*:*:*", "matchCriteriaId": "F508CFA5-5602-445C-9E18-71B6A625F9E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "111091B9-CBAE-4FC7-8B97-7D2345BFCB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:beta01:*:*:*:*:*:*", "matchCriteriaId": "897D42F6-202B-425A-BF0D-76D1A74D8E67", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:beta02:*:*:*:*:*:*", "matchCriteriaId": 
"50300181-3691-4EA2-B779-1C9CF59E08FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:beta03:*:*:*:*:*:*", "matchCriteriaId": "CABA31D9-9EC0-4447-9C5E-8BC5DF5F431D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:beta04:*:*:*:*:*:*", "matchCriteriaId": "D4568552-91F6-4E05-ADA5-4127CBD4D3EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:beta05:*:*:*:*:*:*", "matchCriteriaId": "D72D51C0-1044-4A74-823F-7123340FB9BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:beta06:*:*:*:*:*:*", "matchCriteriaId": "BF7EE024-3E34-4452-A832-751BBC109086", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:rc01:*:*:*:*:*:*", "matchCriteriaId": "947395DE-A911-47B3-983D-B5D23672068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*", "matchCriteriaId": "54C6D9D3-50B2-4A63-B3D1-C76C70F4443E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*", "matchCriteriaId": "4110AA74-C69D-45BC-A630-9EE3A2036BD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*", "matchCriteriaId": "F2DEFD05-10EE-4242-B885-FD1B0DF6CAA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "1CAA1090-C1C7-43A2-BD44-065572D226B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*", "matchCriteriaId": "2FD92305-91BF-4984-A029-8FA83CBF1A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*", "matchCriteriaId": "F9F9A6DB-19BF-4798-879E-9BD4AD5EFF2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*", "matchCriteriaId": "31EE280F-D76D-478B-ADD6-D5F2C7574A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta36:*:*:*:*:*:*", "matchCriteriaId": "345A3C6A-322F-4B01-ABE9-16B403F48DEF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], 
"cveTags": [], "descriptions": [ { "lang": "en", "value": "Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file." }, { "lang": "es", "value": "Fuga de memoria en la funci\u00f3n png_handle_tEXt en pngrutil.c en libpng anterior a v1.2.33 rc02 y v1.4.0 beta36 que permite a atacantes dependientes de contexto producir una denegacion de servicio (agotamiento de memoria) a traves de un fichero PNG manipulado." } ], "id": "CVE-2008-6218", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-02-20T17:30:03.157", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32418" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34265" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34320" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34388" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200903-28.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=635463\u0026group_id=5624" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=635837" }, { "source": "cve@mitre.org", 
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0046" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1750" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/501767/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31920" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1021104" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2917" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32418" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34265" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200903-28.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=635463\u0026group_id=5624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=635837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/501767/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31920" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1021104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2917" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46115" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat does not consider this bug a security flaw. For more details please see the following bug:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=468990", "lastModified": "2009-06-03T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-05-29 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html | ||
cve@mitre.org | http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html | ||
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html | ||
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077043.html | ||
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077472.html | ||
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html | ||
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html | ||
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html | ||
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2012-0523.html | ||
cve@mitre.org | http://secunia.com/advisories/48587 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/48644 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/48665 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/48721 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/48983 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/49660 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-201206-15.xml | ||
cve@mitre.org | http://support.apple.com/kb/HT5501 | ||
cve@mitre.org | http://support.apple.com/kb/HT5503 | ||
cve@mitre.org | http://ubuntu.com/usn/usn-1417-1 | ||
cve@mitre.org | http://www.debian.org/security/2012/dsa-2446 | ||
cve@mitre.org | http://www.libpng.org/pub/png/libpng.html | Vendor Advisory | |
cve@mitre.org | http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:046 | ||
cve@mitre.org | http://www.osvdb.org/80822 | ||
cve@mitre.org | http://www.securityfocus.com/bid/52830 | ||
cve@mitre.org | http://www.securitytracker.com/id?1026879 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/74494 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077043.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077472.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-0523.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48587 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48644 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48665 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48721 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48983 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49660 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201206-15.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5501 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5503 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://ubuntu.com/usn/usn-1417-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2446 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.libpng.org/pub/png/libpng.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:046 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/80822 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/52830 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1026879 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/74494 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | 1.0.0 | |
libpng | libpng | 1.0.1 | |
libpng | libpng | 1.0.2 | |
libpng | libpng | 1.0.3 | |
libpng | libpng | 1.0.5 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.10 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.12 | |
libpng | libpng | 1.0.13 | |
libpng | libpng | 1.0.14 | |
libpng | libpng | 1.0.15 | |
libpng | libpng | 1.0.16 | |
libpng | libpng | 1.0.17 | |
libpng | libpng | 1.0.18 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.20 | |
libpng | libpng | 1.0.21 | |
libpng | libpng | 1.0.22 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.24 | |
libpng | libpng | 1.0.25 | |
libpng | libpng | 1.0.26 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.28 | |
libpng | libpng | 1.0.29 | |
libpng | libpng | 1.0.30 | |
libpng | libpng | 1.0.31 | |
libpng | libpng | 1.0.32 | |
libpng | libpng | 1.0.33 | |
libpng | libpng | 1.0.34 | |
libpng | libpng | 1.0.35 | |
libpng | libpng | 1.0.37 | |
libpng | libpng | 1.0.38 | |
libpng | libpng | 1.0.39 | |
libpng | libpng | 1.0.40 | |
libpng | libpng | 1.0.41 | |
libpng | libpng | 1.0.42 | |
libpng | libpng | 1.0.43 | |
libpng | libpng | 1.0.44 | |
libpng | libpng | 1.0.45 | |
libpng | libpng | 1.0.46 | |
libpng | libpng | 1.0.47 | |
libpng | libpng | 1.0.48 | |
libpng | libpng | 1.0.50 | |
libpng | libpng | 1.0.51 | |
libpng | libpng | 1.0.52 | |
libpng | libpng | 1.0.53 | |
libpng | libpng | 1.0.54 | |
libpng | libpng | 1.0.55 | |
libpng | libpng | 1.0.55 | |
libpng | libpng | 1.0.56 | |
libpng | libpng | 1.0.56 | |
libpng | libpng | 1.0.57 | |
libpng | libpng | 1.0.57 | |
libpng | libpng | 1.0.58 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.4 | |
libpng | libpng | 1.2.5 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.7 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.12 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.16 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.18 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.27 | |
libpng | libpng | 1.2.28 | |
libpng | libpng | 1.2.29 | |
libpng | libpng | 1.2.30 | |
libpng | libpng | 1.2.31 | |
libpng | libpng | 1.2.32 | |
libpng | libpng | 1.2.33 | |
libpng | libpng | 1.2.34 | |
libpng | libpng | 1.2.35 | |
libpng | libpng | 1.2.36 | |
libpng | libpng | 1.2.37 | |
libpng | libpng | 1.2.38 | |
libpng | libpng | 1.2.39 | |
libpng | libpng | 1.2.40 | |
libpng | libpng | 1.2.41 | |
libpng | libpng | 1.2.42 | |
libpng | libpng | 1.2.43 | |
libpng | libpng | 1.2.43 | |
libpng | libpng | 1.2.44 | |
libpng | libpng | 1.2.45 | |
libpng | libpng | 1.2.45 | |
libpng | libpng | 1.2.46 | |
libpng | libpng | 1.2.46 | |
libpng | libpng | 1.2.47 | |
libpng | libpng | 1.2.47 | |
libpng | libpng | 1.2.48 | |
libpng | libpng | 1.2.48 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.1 | |
libpng | libpng | 1.4.2 | |
libpng | libpng | 1.4.3 | |
libpng | libpng | 1.4.4 | |
libpng | libpng | 1.4.5 | |
libpng | libpng | 1.4.6 | |
libpng | libpng | 1.4.7 | |
libpng | libpng | 1.4.8 | |
libpng | libpng | 1.4.9 | |
libpng | libpng | 1.4.10 | |
libpng | libpng | 1.5.0 | |
libpng | libpng | 1.5.1 | |
libpng | libpng | 1.5.1 | |
libpng | libpng | 1.5.2 | |
libpng | libpng | 1.5.2 | |
libpng | libpng | 1.5.3 | |
libpng | libpng | 1.5.4 | |
libpng | libpng | 1.5.4 | |
libpng | libpng | 1.5.5 | |
libpng | libpng | 1.5.5 | |
libpng | libpng | 1.5.6 | |
libpng | libpng | 1.5.6 | |
libpng | libpng | 1.5.7 | |
libpng | libpng | 1.5.7 | |
libpng | libpng | 1.5.8 | |
libpng | libpng | 1.5.8 | |
libpng | libpng | 1.5.9 | |
libpng | libpng | 1.5.9 | |
libpng | libpng | 1.5.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D6B3DAF-DF99-48B2-8E7C-BE8E043D4C24", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "29050958-EFD8-4A79-9022-EF72AAD4EDB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3CB33B1-71B2-4235-A2C1-FCAEA9844A6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "436F8C71-1780-4DC6-937B-8F1F51C7453D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0BF2C6F3-BFE7-4234-9975-DE7FCDA26A46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5B79DC5F-5062-4031-BA11-746EE3C8E1CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CAD6DE25-8B2F-4DB9-9969-8AAC23BC0AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "35F2B503-1516-465D-A558-9932BDB3457D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "BA94EAAA-A4D2-4E36-BC69-BBE9644FE970", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "F3A7C96C-8FBB-42B4-937E-3321C939CC87", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "94084356-D39B-41B2-AC24-0ADAD0BF5988", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "086C6335-7872-46A7-AEB1-9BE5AE5A788C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FF8233B1-04A0-4E25-97EE-CF466B48A12E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": 
"FA714E7E-05EF-4598-9324-887BC66C675E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "C5CF3B73-D3B9-4D76-B411-C837BCE0806E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "D1752D91-3468-4E22-B60F-6789B3CBD7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "F433AA7E-A780-4D45-AD1A-5A4CE1F3FCD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "93E210A7-489B-4EA7-A840-599523157DD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "B37565FA-72F5-4063-8D7A-97BC269F020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "BC8FA821-818E-4BC7-834B-94EB5C042390", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "F3FBF3D3-95A6-4869-8A69-F0E5ECA40220", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "D07785D0-E995-4208-AB8C-43B320D291F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "152DDD6E-CF56-4E1C-BE4D-C7BC0FD9B08C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "19BBA666-4473-4C6D-BF48-34EF3F09AD7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "B7DDF6CC-7997-47E7-96D3-8DC10F1D17F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "A1926DD0-0A9B-4F9D-BB4F-AC7AB0B3F0E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "2763A6C7-DBBA-4E2A-917C-B6FF524B9891", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:*:*:*:*:*:*:*", 
"matchCriteriaId": "E7DECDF8-7742-4D58-99FA-100A01748B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "CA4FD3B1-3A68-4122-AA50-31BFC6C50408", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "45790331-CE26-457F-8649-F027703E73EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "0B0BFE2D-5C7B-42E0-B783-8C5907CA8635", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "7CD993C1-70B6-4ACB-B958-94E7EF973A8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "C085686C-A0AA-4F56-9E7D-B5CB24B890D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "D02A5197-06B9-469E-9817-45BB23324042", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "5EB6BE37-E564-4E42-BE39-36DD301C37A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "314209F2-E0A0-4045-8108-8E7215312442", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "11A8ECBB-7E50-4447-88E2-893C1466C251", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "8B8F24A5-F5C3-495F-9AF0-2EE836E0147A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "46DE2DE3-F081-4B80-A4DA-C5AB27B3CA8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "71EF1D77-7838-47DF-B6A2-DBBAC0058FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "76BA4FEA-FEB4-47A9-9DFF-A233CEE03D04", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.0.43:*:*:*:*:*:*:*", "matchCriteriaId": "60DB5A63-E89E-48AB-A846-107EBEC71D67", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.44:*:*:*:*:*:*:*", "matchCriteriaId": "2181FEEB-D07E-490C-9953-3490D87B63A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.45:*:*:*:*:*:*:*", "matchCriteriaId": "36DC41DD-A291-4ECE-84B9-574828AA2A80", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.46:*:*:*:*:*:*:*", "matchCriteriaId": "015D1E36-17A1-4413-B1FB-5DF4C36712BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.47:*:*:*:*:*:*:*", "matchCriteriaId": "F64CE8F2-22B1-43F8-8934-CBCD2EFBA85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.48:*:*:*:*:*:*:*", "matchCriteriaId": "CEB15BE8-1B88-4117-AF14-3AA2B54DB323", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "A2CB2728-4CC7-46EA-809B-450A9BB9F884", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "96638963-D264-49AD-9B77-497C3DA23DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.52:*:*:*:*:*:*:*", "matchCriteriaId": "88544BBE-29A1-4622-B3E6-FA4B891A9B5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.53:*:*:*:*:*:*:*", "matchCriteriaId": "DD658D98-9A4D-4DC2-A935-BB3BF0E0FB2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.54:*:*:*:*:*:*:*", "matchCriteriaId": "FFF819AF-AC11-4BD9-A070-572836A65FB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.55:*:*:*:*:*:*:*", "matchCriteriaId": "2EEAC62D-BF2B-40DF-9428-FFBF7CA09471", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.55:rc01:*:*:*:*:*:*", "matchCriteriaId": "27DFAB04-5C5C-4366-B3FC-C83AAB807F0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.56:*:*:*:*:*:*:*", "matchCriteriaId": "36327723-F953-4BD3-A525-930DDCF7931D", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:libpng:libpng:1.0.56:devel:*:*:*:*:*:*", "matchCriteriaId": "36F717B1-CC02-4878-9A78-1584074E81C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.57:*:*:*:*:*:*:*", "matchCriteriaId": "7D482811-2EF1-47AE-A41C-7532AC6DEF31", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.57:rc01:*:*:*:*:*:*", "matchCriteriaId": "FF26AB67-81F8-4CD2-8E28-BDF9FE2CD58F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.58:*:*:*:*:*:*:*", "matchCriteriaId": "2D0EE98D-0596-4147-9EC4-F3616BF2B901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C036011A-9AE1-423C-8B73-188B9BA20FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "663C6EE5-5B5E-4C0F-9E7F-D0E1DA9AF9EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "8051459E-94D3-4D4A-9D40-CC9475DDB00C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "42056C63-69A7-43CF-828C-0C3E365702D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "5B6A39A3-7F86-4DC3-B248-859630AFB9A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "58377AE3-1C13-4C3F-BC55-8336DAEEF97F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "005C2DA4-D00E-4206-851E-9226D66B5F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "97B17602-0D97-469B-A9B1-30AAC8F758F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "857B664A-C6F9-45E3-93EA-C0F53CEF5C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:*:*:*:*:*:*:*", 
"matchCriteriaId": "6DFDA458-74E8-4DEF-B524-A4A8672CB66A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A3E3BF3-4376-4692-A515-A7B6593F28F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "AB6AF9D5-CE60-4FC9-91AB-E243F0D429E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "3B1AC712-110D-458F-B650-930C6D45CA53", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "7F848FA5-9682-454F-A9DE-671C4401F15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "C4B83678-98A1-440E-950C-4A27995C7294", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "FB9EEE31-479A-4370-BF00-C26C1AF502B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "95EABD7D-1F18-4FA5-BAA9-F8D69129E531", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "65B836CA-3740-48B0-966B-21E65EF3D636", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "3988FA1B-18D9-46AA-87BA-A6B01D4F4B25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "51A46409-7AC6-45DB-B92D-29988C445BC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "09E2B608-6C70-446F-A3A7-369048D99855", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "5AA00AE0-F447-4361-AA37-0C98BDE491E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "21DACE94-FBDC-4A3D-8DD6-E62D18F5EE7A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*", "matchCriteriaId": "220A02AF-6ADA-4B75-BC81-40B2D847029A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "ECEB8F61-195E-41DE-90CE-22854055E9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*", "matchCriteriaId": "D0F72B91-1F7F-41EB-ABC8-1B50AFEC70EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "111091B9-CBAE-4FC7-8B97-7D2345BFCB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*", "matchCriteriaId": "54C6D9D3-50B2-4A63-B3D1-C76C70F4443E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*", "matchCriteriaId": "4110AA74-C69D-45BC-A630-9EE3A2036BD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*", "matchCriteriaId": "F2DEFD05-10EE-4242-B885-FD1B0DF6CAA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "1CAA1090-C1C7-43A2-BD44-065572D226B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*", "matchCriteriaId": "2FD92305-91BF-4984-A029-8FA83CBF1A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*", "matchCriteriaId": "F9F9A6DB-19BF-4798-879E-9BD4AD5EFF2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*", "matchCriteriaId": "31EE280F-D76D-478B-ADD6-D5F2C7574A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*", "matchCriteriaId": "747314F7-A515-41FF-8095-62A9F05F0DEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*", "matchCriteriaId": "C1BE9ED0-685B-41F0-A984-D33E7034AEA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.36:*:*:*:*:*:*:*", "matchCriteriaId": "E3F6AD99-7697-47E5-8301-723C16535C76", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*", "matchCriteriaId": "07B00AD3-D13C-45B5-A13A-9092D40F4A63", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*", "matchCriteriaId": "14222EA8-E8ED-4818-ACB4-C6A13643F210", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*", "matchCriteriaId": "A22C28DD-5C99-4722-9093-A1E82A2C2808", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.40:*:*:*:*:*:*:*", "matchCriteriaId": "93714B71-6331-4F5A-A12A-B4B80CA2FEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*", "matchCriteriaId": "10CD562E-1F06-4779-A29C-4069E3C86B16", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*", "matchCriteriaId": "4D83D507-64AF-4158-97B9-1353E2F8EE46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.43:*:*:*:*:*:*:*", "matchCriteriaId": "BC5E39EA-C32E-4E87-9A3F-CCB5144F0E68", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.43:devel:*:*:*:*:*:*", "matchCriteriaId": "61B9103F-CD72-4F06-BED1-7AE4AB9E672C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*", "matchCriteriaId": "0DF6249D-5AA8-4EA3-A92A-0E492FE5B811", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*", "matchCriteriaId": "CDE7F259-40A2-4866-8EF8-44A9913EC4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.45:devel:*:*:*:*:*:*", "matchCriteriaId": "CFA3EED5-F0AB-4C5C-92D7-B84BFDAA31AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*", "matchCriteriaId": "03C20A42-6A77-43D4-80D7-332BB2DF1B66", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.46:devel:*:*:*:*:*:*", "matchCriteriaId": "8A0A1B56-0E92-4E81-9B2C-4F9B9D5833EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*", "matchCriteriaId": "D4CC5DBB-249B-4EED-9F54-E23CB1919ED0", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.47:beta:*:*:*:*:*:*", "matchCriteriaId": "C10D9119-0FF8-4DFE-8632-A14D9C83CC9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.48:*:*:*:*:*:*:*", "matchCriteriaId": "088A1BDB-BB1A-46B5-898B-23311DE27CE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.48:betas:*:*:*:*:*:*", "matchCriteriaId": "C24CA735-6EA6-41E3-A82D-D443BB47806B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "52D5DAA1-3632-48D7-A657-4A4C83A119D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB5AE8E0-3C11-4EE1-A599-4D70C6A13F1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "6AD36C3B-3C02-488B-B480-EA091D702CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "59BAD272-D4B6-40CE-B5E9-63145E12B638", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "5EEB311C-766D-4070-A0BE-9CE4593C8F49", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C185BF59-68E4-49F8-802F-C06FE840FF3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "5C399B31-B8EC-41C4-B6AB-83BABC474374", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "3B00AF5F-D4F5-490C-8BF4-2B33EFBF15A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "BA9AEB1D-0AA7-4842-9CF9-91BFD8B58A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "09150152-5DEA-4FA2-9163-63EAF4D83DEF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "45E5068A-42BE-478B-8C00-FE23B7837DC1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.5.0:beta:*:*:*:*:*:*", "matchCriteriaId": "C8BA2974-AF9F-4382-B443-F54354B5623A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE8BC209-45B9-44D6-A26D-0B570ED5BB19", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:beta:*:*:*:*:*:*", "matchCriteriaId": "468B1A0E-AF58-42C4-9801-D6F83F283360", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "6644ED2F-66F3-469D-8233-72FE7321E850", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:beta:*:*:*:*:*:*", "matchCriteriaId": "B36D610D-F86A-4D46-B0F2-884FFA601C69", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.3:beta:*:*:*:*:*:*", "matchCriteriaId": "C8A976DD-87FA-425D-8E07-E3CFC4D3FD05", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "3F34978D-6ABE-463E-AB48-21CC55B7D157", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:beta:*:*:*:*:*:*", "matchCriteriaId": "3716FF0E-AD20-46F8-B8F6-3EC42D427C90", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A4568BB-F5FF-4BBB-9DA3-E66C2BFA2416", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:beta:*:*:*:*:*:*", "matchCriteriaId": "E5300EC4-B3A0-42C5-8D39-67AB75C47153", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "246CF13F-FDC1-499E-9FC1-5624D54E9E3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:beta:*:*:*:*:*:*", "matchCriteriaId": "D5840A8E-AB64-40A9-8BB6-EB6BA51D40B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "AC66FD43-421B-4223-BA32-EC47B51E1091", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.7:beta:*:*:*:*:*:*", "matchCriteriaId": "EEC9D57C-47F2-4773-85B6-FFB0C4681E0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F0F5664B-5AB9-4DE4-99AA-8FD32DBA4A4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.8:beta:*:*:*:*:*:*", "matchCriteriaId": "5CD1C8E6-DF35-47F7-877F-001AD62B57CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "C7712376-D776-4814-A041-FBFEAC70ADC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.9:beta:*:*:*:*:*:*", "matchCriteriaId": "DF69B34E-F7FB-4F4C-AF7D-ACD165B1233B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.10:beta:*:*:*:*:*:*", "matchCriteriaId": "F7CC2E64-E48C-4DE6-892D-06A0B806A51B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow." }, { "lang": "es", "value": "La funci\u00f3n png_set_text_2 en pngset.c en libpng v1.0.x anterior a v1.0.59, v1.2.x anterior a v1.2.49, v1.4.x anterior a v1.4.11, y v1.5.x anterior a v1.5.10 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bloqueo) o ejecutar c\u00f3digo arbitrario a trav\u00e9s de un chunk de texto manipulado en un archivo de imagen PNG, provocando un error de asignaci\u00f3n de memoria que no se manipula correctamente, dando lugar a un desbordamiento de b\u00fafer basado en memoria din\u00e1mica." 
} ], "id": "CVE-2011-3048", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-05-29T20:55:04.993", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077043.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077472.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-0523.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48587" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48644" }, { "source": 
"cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48665" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48721" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48983" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/49660" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT5501" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT5503" }, { "source": "cve@mitre.org", "url": "http://ubuntu.com/usn/usn-1417-1" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2446" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "source": "cve@mitre.org", "url": "http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:046" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/80822" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/52830" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1026879" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74494" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077043.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077472.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0523.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48587" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48644" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48665" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48721" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ubuntu.com/usn/usn-1417-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.debian.org/security/2012/dsa-2446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/80822" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52830" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1026879" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74494" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-08-31 23:55
Modified
2025-04-11 00:51
Summary
Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2011/03/22/7 | Patch | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2011/03/28/6 | Patch | |
cve@mitre.org | https://bugs.gentoo.org/159216?id=159216 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/03/22/7 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/03/28/6 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/159216?id=159216 | Patch |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | * | |
libpng | libpng | 1.0.0 | |
libpng | libpng | 1.0.1 | |
libpng | libpng | 1.0.2 | |
libpng | libpng | 1.0.3 | |
libpng | libpng | 1.0.5 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.10 | |
libpng | libpng | 1.0.10 | |
libpng | libpng | 1.0.10 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.12 | |
libpng | libpng | 1.0.12 | |
libpng | libpng | 1.0.12 | |
libpng | libpng | 1.0.13 | |
libpng | libpng | 1.0.14 | |
libpng | libpng | 1.0.15 | |
libpng | libpng | 1.0.15 | |
libpng | libpng | 1.0.15 | |
libpng | libpng | 1.0.15 | |
libpng | libpng | 1.0.16 | |
libpng | libpng | 1.0.17 | |
libpng | libpng | 1.0.17 | |
libpng | libpng | 1.0.18 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.20 | |
libpng | libpng | 1.0.21 | |
libpng | libpng | 1.0.21 | |
libpng | libpng | 1.0.21 | |
libpng | libpng | 1.0.22 | |
libpng | libpng | 1.0.22 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.24 | |
libpng | libpng | 1.0.24 | |
libpng | libpng | 1.0.25 | |
libpng | libpng | 1.0.25 | |
libpng | libpng | 1.0.25 | |
libpng | libpng | 1.0.26 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.28 | |
libpng | libpng | 1.0.28 | |
libpng | libpng | 1.0.28 | |
libpng | libpng | 1.0.28 | |
libpng | libpng | 1.0.28 | |
libpng | libpng | 1.0.28 | |
libpng | libpng | 1.0.29 | |
libpng | libpng | 1.0.29 | |
libpng | libpng | 1.0.29 | |
libpng | libpng | 1.0.29 | |
libpng | libpng | 1.0.29 | |
libpng | libpng | 1.0.30 | |
libpng | libpng | 1.0.30 | |
libpng | libpng | 1.0.31 | |
libpng | libpng | 1.0.31 | |
libpng | libpng | 1.0.32 | |
libpng | libpng | 1.0.33 | |
libpng | libpng | 1.0.34 | |
libpng | libpng | 1.0.35 | |
libpng | libpng | 1.0.37 | |
libpng | libpng | 1.0.38 | |
libpng | libpng | 1.0.39 | |
libpng | libpng | 1.0.40 | |
libpng | libpng | 1.0.41 | |
libpng | libpng | 1.0.42 | |
libpng | libpng | 1.0.43 | |
libpng | libpng | 1.0.44 | |
libpng | libpng | 1.0.45 | |
libpng | libpng | 1.0.46 | |
libpng | libpng | 1.0.47 | |
libpng | libpng | 1.0.48 | |
libpng | libpng | 1.0.50 | |
libpng | libpng | 1.0.51 | |
libpng | libpng | 1.0.52 | |
libpng | libpng | 1.0.53 | |
libpng | libpng | 1.0.54 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:beta2:*:*:*:*:*:*", "matchCriteriaId": "ECE90FD5-FD27-4311-9CC0-92DA511E0A30", "versionEndIncluding": "1.2.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D6B3DAF-DF99-48B2-8E7C-BE8E043D4C24", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "29050958-EFD8-4A79-9022-EF72AAD4EDB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3CB33B1-71B2-4235-A2C1-FCAEA9844A6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "436F8C71-1780-4DC6-937B-8F1F51C7453D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0BF2C6F3-BFE7-4234-9975-DE7FCDA26A46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5B79DC5F-5062-4031-BA11-746EE3C8E1CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:a:*:*:*:*:*:*", "matchCriteriaId": "4CF9C3AB-DE2A-485E-A7C6-442B239447B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:d:*:*:*:*:*:*", "matchCriteriaId": "A8F3EAC4-FB4B-429B-8C9E-EA19C970B712", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:e:*:*:*:*:*:*", "matchCriteriaId": "01B1755E-1F7A-4E8D-9726-63DC4FC4029A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:f:*:*:*:*:*:*", "matchCriteriaId": "E4648C1A-13C1-4082-AFC1-EE9B7EBC401C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:g:*:*:*:*:*:*", "matchCriteriaId": "EF340285-5195-445C-ADB2-F1EF2FF901CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:h:*:*:*:*:*:*", "matchCriteriaId": "B64DD9BF-26E3-4BEE-BFE0-FFD523600CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:i:*:*:*:*:*:*", 
"matchCriteriaId": "7F0C5F5B-96E1-41F5-A233-487A929B2590", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:j:*:*:*:*:*:*", "matchCriteriaId": "5A0CCEEC-A625-4BF8-8696-BF6260AD8445", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CAD6DE25-8B2F-4DB9-9969-8AAC23BC0AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta11:*:*:*:*:*:*", "matchCriteriaId": "B2DF0E03-3EC6-400A-9AF6-B653053C17D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta12:*:*:*:*:*:*", "matchCriteriaId": "5216F808-88C7-4E1A-9FCE-C8DE5680AAB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta13:*:*:*:*:*:*", "matchCriteriaId": "52C6D2E3-1617-4530-845D-40188526D238", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta14:*:*:*:*:*:*", "matchCriteriaId": "6E17E296-E69C-48C7-9B7F-FC85BCB7FF9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta15:*:*:*:*:*:*", "matchCriteriaId": "36F3EFF1-08E9-42C0-ACC9-55A22BDEE978", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta16:*:*:*:*:*:*", "matchCriteriaId": "E9D10792-38F4-488F-9E08-15FF15A9A3BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta17:*:*:*:*:*:*", "matchCriteriaId": "AA9ED9B2-D9D4-4200-B387-21A893453E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta18:*:*:*:*:*:*", "matchCriteriaId": "3983C9FC-7546-41BE-8E22-B3471DF9F3AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "BFAB3DFB-58B7-4713-B88B-26424D639B02", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:rc2:*:*:*:*:*:*", "matchCriteriaId": "2131F2BB-80E3-46A0-A0D8-4450C625A525", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "35F2B503-1516-465D-A558-9932BDB3457D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.0.8:beta1:*:*:*:*:*:*", "matchCriteriaId": "C686308E-1A71-40E5-BCDE-5144217D41A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:beta2:*:*:*:*:*:*", "matchCriteriaId": "D1F37F93-8BE1-4716-B35D-1CB2629867A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:beta3:*:*:*:*:*:*", "matchCriteriaId": "AF4127BB-2A91-4243-B3ED-10D945B6995A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:beta4:*:*:*:*:*:*", "matchCriteriaId": "E09AAB1F-14FB-42E9-8983-30D2164EA0E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "50190A04-5CF2-400E-BAE4-9C7F177ECFE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "BA94EAAA-A4D2-4E36-BC69-BBE9644FE970", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta1:*:*:*:*:*:*", "matchCriteriaId": "AFB264E6-1640-459C-8DD0-C9D72124F125", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta10:*:*:*:*:*:*", "matchCriteriaId": "2A6E3454-14E2-43C8-8E71-1E800FCBE9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta2:*:*:*:*:*:*", "matchCriteriaId": "BA610E96-CE50-46B0-B695-F4A5FA77AB73", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta3:*:*:*:*:*:*", "matchCriteriaId": "30459EAB-E65B-4487-A90F-389477F0BA56", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta4:*:*:*:*:*:*", "matchCriteriaId": "E89FFA90-6AB5-4587-8F40-E7001E4DD470", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta5:*:*:*:*:*:*", "matchCriteriaId": "A2FDACC8-7BFD-477E-A79A-C933CB5C8EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta6:*:*:*:*:*:*", "matchCriteriaId": "9139F742-A946-4D2F-9C14-95216C06ED4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta7:*:*:*:*:*:*", "matchCriteriaId": 
"0DBCDA70-BB1B-4408-A2F3-ADB7A7B77A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta8:*:*:*:*:*:*", "matchCriteriaId": "AA4D368C-C167-4CF3-9013-FFC297D1D977", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta9:*:*:*:*:*:*", "matchCriteriaId": "D3571DD2-5200-48AE-83C9-B1DFF3A1FEAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "782DFA55-BB92-41CD-A4DF-D986C387EB8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "2601CCF9-3A89-4EEF-9941-894AEAF89F23", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "F3A7C96C-8FBB-42B4-937E-3321C939CC87", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.10:beta1:*:*:*:*:*:*", "matchCriteriaId": "BFE11FC5-8A49-434E-B828-AE7C011B03CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "265EC12C-6239-4367-9769-73AC999556F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "94084356-D39B-41B2-AC24-0ADAD0BF5988", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:beta1:*:*:*:*:*:*", "matchCriteriaId": "6DA772E3-B022-4F5E-8D43-C0BE64F187D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:beta2:*:*:*:*:*:*", "matchCriteriaId": "C6589696-904B-4F7B-84F7-0E8D2F0ACFA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:beta3:*:*:*:*:*:*", "matchCriteriaId": "F5CF8EED-F09B-4AB8-A0F1-1F8DBB5385BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "C3909436-175A-4DC7-956F-C0905DA579FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "086C6335-7872-46A7-AEB1-9BE5AE5A788C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.0.12:beta1:*:*:*:*:*:*", "matchCriteriaId": "CB0532A8-3F66-49D3-95BF-2E78DB6EC471", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "FED11C9F-4E2D-4364-AEEC-43E61531BA9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FF8233B1-04A0-4E25-97EE-CF466B48A12E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "FA714E7E-05EF-4598-9324-887BC66C675E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "C5CF3B73-D3B9-4D76-B411-C837BCE0806E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "CEC7C52B-0D8D-4509-B9B5-B12E54EA3A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "AB0514ED-C8F8-4F15-A40F-04D643F3DB60", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "D77DCDC0-29DD-4BC8-BE30-3A348963F821", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "D1752D91-3468-4E22-B60F-6789B3CBD7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "F433AA7E-A780-4D45-AD1A-5A4CE1F3FCD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.17:rc1:*:*:*:*:*:*", "matchCriteriaId": "C4338C87-B3CB-4CA7-BFAA-ADA1D919F203", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "93E210A7-489B-4EA7-A840-599523157DD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "B37565FA-72F5-4063-8D7A-97BC269F020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "434AED09-680D-43BC-B9CA-E78028035CDC", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "009AF32A-19B9-4E56-B5D2-2D19082EF102", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "2643AA61-AB01-4252-8E50-81D5C74F8707", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "02552E07-D9C8-4DF8-AD63-B3A7B5C2C2DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "BC8FA821-818E-4BC7-834B-94EB5C042390", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "F3FBF3D3-95A6-4869-8A69-F0E5ECA40220", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.21:rc1:*:*:*:*:*:*", "matchCriteriaId": "425B207B-D11B-468B-A2C6-BDF276AE4264", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.21:rc2:*:*:*:*:*:*", "matchCriteriaId": "F8B0055B-D0F1-4D8C-AE96-06315FFCC602", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "D07785D0-E995-4208-AB8C-43B320D291F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.22:rc1:*:*:*:*:*:*", "matchCriteriaId": "A42AC8B9-BEB2-4495-8A42-2AEDB29A3DA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "152DDD6E-CF56-4E1C-BE4D-C7BC0FD9B08C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:rc1:*:*:*:*:*:*", "matchCriteriaId": "76C2D14E-FD1C-430A-AC08-D61F997D8BA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:rc2:*:*:*:*:*:*", "matchCriteriaId": "5B34C747-1D67-458A-B9D1-FA61954F7067", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:rc3:*:*:*:*:*:*", "matchCriteriaId": "16E618FC-38AA-477A-8F8E-BC5BFB0713C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:rc4:*:*:*:*:*:*", "matchCriteriaId": 
"0149BCA7-DCFC-449B-8AD5-DC6F9BBC80B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:rc5:*:*:*:*:*:*", "matchCriteriaId": "31D2BD41-12CE-47F1-ABD5-BE7AFFABF96B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "19BBA666-4473-4C6D-BF48-34EF3F09AD7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.24:rc1:*:*:*:*:*:*", "matchCriteriaId": "75767F08-B52A-412D-ADA8-1E23777DA2DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "B7DDF6CC-7997-47E7-96D3-8DC10F1D17F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.25:rc1:*:*:*:*:*:*", "matchCriteriaId": "854C857C-762D-400D-AFB6-3353558D0D82", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.25:rc2:*:*:*:*:*:*", "matchCriteriaId": "BB239211-BF7F-4357-B19F-221147CFC37E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "A1926DD0-0A9B-4F9D-BB4F-AC7AB0B3F0E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "2763A6C7-DBBA-4E2A-917C-B6FF524B9891", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.27:rc1:*:*:*:*:*:*", "matchCriteriaId": "D357DF0B-E6CB-4E24-9AE3-6A2C9A422AF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.27:rc2:*:*:*:*:*:*", "matchCriteriaId": "8C5BFEAD-9028-4F69-AB72-6004B0885A68", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.27:rc3:*:*:*:*:*:*", "matchCriteriaId": "9277C1BB-81B7-4971-B68B-20672AEC1644", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.27:rc4:*:*:*:*:*:*", "matchCriteriaId": "588913EA-69A8-4053-9181-37FB0E8DA273", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.27:rc5:*:*:*:*:*:*", "matchCriteriaId": "D7D20090-A8E7-47D8-AD67-327B01315BA0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.0.27:rc6:*:*:*:*:*:*", "matchCriteriaId": "896D47F2-4F84-4F32-9F94-90F9B5F36BE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "E7DECDF8-7742-4D58-99FA-100A01748B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:rc2:*:*:*:*:*:*", "matchCriteriaId": "01590CB5-4BAA-43CC-802F-3486EAD52BCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:rc3:*:*:*:*:*:*", "matchCriteriaId": "6DEAD5D0-7D13-4B46-AC43-3F0A5291A53B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:rc4:*:*:*:*:*:*", "matchCriteriaId": "45E0E86E-3932-4EE2-B34C-D5861FD16187", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:rc5:*:*:*:*:*:*", "matchCriteriaId": "C6435C47-5DC0-4EB6-984D-9231EB334AFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:rc6:*:*:*:*:*:*", "matchCriteriaId": "2DF231E5-CD60-4D4D-9A08-443C8CA500F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "CA4FD3B1-3A68-4122-AA50-31BFC6C50408", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.29:beta1:*:*:*:*:*:*", "matchCriteriaId": "828BE0B5-8DF7-4C29-B55B-6AA01FBFD004", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.29:rc1:*:*:*:*:*:*", "matchCriteriaId": "B654AFC2-0A1D-477F-A922-B235B9EF83D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.29:rc2:*:*:*:*:*:*", "matchCriteriaId": "100CCE68-F893-441B-ABF4-DAF968BD623C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.29:rc3:*:*:*:*:*:*", "matchCriteriaId": "B3E393C0-85F8-49E4-929C-A390E0F3D884", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "45790331-CE26-457F-8649-F027703E73EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.30:rc1:*:*:*:*:*:*", "matchCriteriaId": "A840A036-BBE0-4DAC-A7D9-11A3C48FC131", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "0B0BFE2D-5C7B-42E0-B783-8C5907CA8635", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.31:rc01:*:*:*:*:*:*", "matchCriteriaId": "6D366AD3-5FC2-4B75-8002-D966DC337261", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "7CD993C1-70B6-4ACB-B958-94E7EF973A8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "C085686C-A0AA-4F56-9E7D-B5CB24B890D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "D02A5197-06B9-469E-9817-45BB23324042", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "5EB6BE37-E564-4E42-BE39-36DD301C37A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "314209F2-E0A0-4045-8108-8E7215312442", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "11A8ECBB-7E50-4447-88E2-893C1466C251", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "8B8F24A5-F5C3-495F-9AF0-2EE836E0147A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "46DE2DE3-F081-4B80-A4DA-C5AB27B3CA8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "71EF1D77-7838-47DF-B6A2-DBBAC0058FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "76BA4FEA-FEB4-47A9-9DFF-A233CEE03D04", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.43:*:*:*:*:*:*:*", "matchCriteriaId": "60DB5A63-E89E-48AB-A846-107EBEC71D67", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.44:*:*:*:*:*:*:*", "matchCriteriaId": 
"2181FEEB-D07E-490C-9953-3490D87B63A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.45:*:*:*:*:*:*:*", "matchCriteriaId": "36DC41DD-A291-4ECE-84B9-574828AA2A80", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.46:*:*:*:*:*:*:*", "matchCriteriaId": "015D1E36-17A1-4413-B1FB-5DF4C36712BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.47:*:*:*:*:*:*:*", "matchCriteriaId": "F64CE8F2-22B1-43F8-8934-CBCD2EFBA85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.48:*:*:*:*:*:*:*", "matchCriteriaId": "CEB15BE8-1B88-4117-AF14-3AA2B54DB323", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "A2CB2728-4CC7-46EA-809B-450A9BB9F884", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "96638963-D264-49AD-9B77-497C3DA23DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.52:*:*:*:*:*:*:*", "matchCriteriaId": "88544BBE-29A1-4622-B3E6-FA4B891A9B5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.53:*:*:*:*:*:*:*", "matchCriteriaId": "DD658D98-9A4D-4DC2-A935-BB3BF0E0FB2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.54:*:*:*:*:*:*:*", "matchCriteriaId": "FFF819AF-AC11-4BD9-A070-572836A65FB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C036011A-9AE1-423C-8B73-188B9BA20FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "F008946C-43E9-4ECD-AE9F-486A4686AE87", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "6A4D6BB0-8E1A-49A4-BBC9-CBFA252C92A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "CFE1DB59-0A60-432B-9D88-906C4FE6D6B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta4:*:*:*:*:*:*", 
"matchCriteriaId": "C111BDD4-2A52-4FB7-8D21-6049A10BCDA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "6B33807C-8E7B-4A04-BE92-59C1B845AD42", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1614466-8EAC-4404-A674-EFFE0FFFBDC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "663C6EE5-5B5E-4C0F-9E7F-D0E1DA9AF9EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "FF2D5068-5BF3-425C-8B1A-E12E3D3CD8F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:beta2:*:*:*:*:*:*", "matchCriteriaId": "BF4F7833-4F88-4C54-AEC7-3C4FB797AE38", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:beta3:*:*:*:*:*:*", "matchCriteriaId": "F2A973ED-CA5B-4A18-ACAB-1542E3866896", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:beta4:*:*:*:*:*:*", "matchCriteriaId": "FA737702-6335-42F9-99B9-856D531B70F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "8EAD9719-2736-40AE-BBEB-8BA627E8DF7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "62693E5F-2EF6-49B5-9946-42CE61F4ACFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A3E3BF3-4376-4692-A515-A7B6593F28F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E83B68F-B0E2-4C37-A711-1714652AB961", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta2:*:*:*:*:*:*", "matchCriteriaId": "4F17A4B7-99C2-407A-9536-4B54EDC02899", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta3:*:*:*:*:*:*", "matchCriteriaId": "F854F244-78C9-46C6-8862-1DA58912FCE8", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.10:beta4:*:*:*:*:*:*", "matchCriteriaId": "9A4C883A-A2A3-4D5F-8114-CE9220FFF7B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta5:*:*:*:*:*:*", "matchCriteriaId": "3544F0FF-3EEE-4902-B412-EB57D6AE7A4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta6:*:*:*:*:*:*", "matchCriteriaId": "5F428FF4-21A8-4605-AFCD-E78F43E46AE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta7:*:*:*:*:*:*", "matchCriteriaId": "7132AA21-DC2F-4493-9BCC-27E3D8F075AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "B65F8362-934F-452D-8E86-0DB2E3C7B43D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "934D0AB5-62FB-4EC1-971A-A1BA8EEAD008", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "5891F237-D1DB-4CCE-8A8B-D10E7EDCB926", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "AB6AF9D5-CE60-4FC9-91AB-E243F0D429E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:beta1:*:*:*:*:*:*", "matchCriteriaId": "E114E18D-2882-4843-9356-279C69ABCBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:beta2:*:*:*:*:*:*", "matchCriteriaId": "5E271694-B8C8-4BCF-8B4A-0425BA50EF6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:beta3:*:*:*:*:*:*", "matchCriteriaId": "E36CC085-34FF-4B84-8628-74BEEC686C88", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:beta4:*:*:*:*:*:*", "matchCriteriaId": "06793BE6-3370-4FCB-A400-C6AF95D1E66D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "DE742D36-3A33-4316-8326-FA2F1B228E83", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"25D0C5E1-4D8D-42EE-8C94-12D442181DCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "3326F984-8312-4E7F-A269-0A06FAC8BE25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:rc5:*:*:*:*:*:*", "matchCriteriaId": "290CF6FC-3BD6-4974-9DEC-188B79DC816A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "7F848FA5-9682-454F-A9DE-671C4401F15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:beta1:*:*:*:*:*:*", "matchCriteriaId": "782ABB64-C2F2-4326-A69F-75E514055C38", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "0EF9CEE2-8DB6-480F-970C-E19FEF31D0A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "28C13A65-C0D6-4904-8C92-E5233D7E5CC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "C4B83678-98A1-440E-950C-4A27995C7294", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:beta1:*:*:*:*:*:*", "matchCriteriaId": "38993FC7-12DD-4D75-8EC6-719C0AD66191", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:beta2:*:*:*:*:*:*", "matchCriteriaId": "0CAF82B9-020B-48FD-BE3D-70B8A7A8CDA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "C43481DF-59C5-4E9B-8CB9-49E4873B7263", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "FB9EEE31-479A-4370-BF00-C26C1AF502B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta1:*:*:*:*:*:*", "matchCriteriaId": "BFFC71CB-0B01-4A34-85B8-8A27C1E7D451", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, 
allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length." }, { "lang": "es", "value": "Una p\u00e9rdida de memoria en pngwutil.c en libpng v1.2.13beta1, y otras versiones anteriores a la v1.2.15beta3, permite provocar una denegaci\u00f3n de servicio (p\u00e9rdida de memoria o fallo de segmentaci\u00f3n) a atacantes dependientes del contexto a trav\u00e9s de una imagen JPEG que contiene un trozo del ICCP con un perfil incrustado de longitud negativa." } ], "id": "CVE-2006-7244", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-08-31T23:55:00.973", "references": [ { "source": "cve@mitre.org", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/22/7" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/28/6" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://bugs.gentoo.org/159216?id=159216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/22/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/28/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugs.gentoo.org/159216?id=159216" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-06-30 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20 | ||
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://lists.vmware.com/pipermail/security-announce/2010/000105.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://secunia.com/advisories/40302 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/40336 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/40472 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/40547 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/41574 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/42314 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/42317 | Broken Link | |
secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061 | Mailing List, Patch, Third Party Advisory | |
secalert@redhat.com | http://support.apple.com/kb/HT4435 | Broken Link | |
secalert@redhat.com | http://support.apple.com/kb/HT4456 | Third Party Advisory | |
secalert@redhat.com | http://support.apple.com/kb/HT4457 | Third Party Advisory | |
secalert@redhat.com | http://support.apple.com/kb/HT4554 | Third Party Advisory | |
secalert@redhat.com | http://support.apple.com/kb/HT4566 | Broken Link | |
secalert@redhat.com | http://www.debian.org/security/2010/dsa-2072 | Third Party Advisory | |
secalert@redhat.com | http://www.libpng.org/pub/png/libpng.html | Product, Vendor Advisory | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:133 | Broken Link | |
secalert@redhat.com | http://www.securityfocus.com/bid/41174 | Patch, Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.securitytracker.com/id?1024723 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.ubuntu.com/usn/USN-960-1 | Third Party Advisory | |
secalert@redhat.com | http://www.vmware.com/security/advisories/VMSA-2010-0014.html | Third Party Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1612 | Broken Link | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1637 | Broken Link | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1755 | Broken Link | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1837 | Broken Link | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1846 | Broken Link | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1877 | Broken Link | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/2491 | Broken Link | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/3045 | Broken Link | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/3046 | Broken Link | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=608644 | Issue Tracking, Patch, Third Party Advisory | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/59816 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000105.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40302 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40336 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40472 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40547 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41574 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42314 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42317 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4435 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4456 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4457 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4554 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4566 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2072 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.libpng.org/pub/png/libpng.html | Product, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:133 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/41174 | Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1024723 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-960-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0014.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1612 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1637 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1755 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1837 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1846 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1877 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/2491 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/3045 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/3046 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=608644 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/59816 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | * | |
libpng | libpng | * | |
apple | itunes | * | |
apple | safari | * | |
apple | iphone_os | * | |
apple | tvos | * | |
fedoraproject | fedora | 12 | |
fedoraproject | fedora | 13 | |
opensuse | opensuse | 11.1 | |
opensuse | opensuse | 11.2 | |
suse | linux_enterprise_server | 9 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
vmware | player | * | |
vmware | player | * | |
vmware | workstation | * | |
vmware | workstation | * | |
canonical | ubuntu_linux | 6.06 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 9.04 | |
canonical | ubuntu_linux | 9.10 | |
canonical | ubuntu_linux | 10.04 | |
debian | debian_linux | 5.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A7768B8-2319-4AAF-B38E-A3B21A37B0FE", "versionEndExcluding": "1.2.44", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "13C02A4C-7A19-4F0D-A192-C031833576D6", "versionEndExcluding": "1.4.3", "versionStartIncluding": "1.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE850901-4B2A-4C98-836A-40683CB02FB4", "versionEndExcluding": "10.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "57A2B591-583F-4644-A900-4890FEFEE18C", "versionEndExcluding": "5.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D97C1BD-57D8-4131-B437-6BA9F41C8F50", "versionEndIncluding": "4.1", "versionStartIncluding": "2.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "407115F2-CC65-448B-8133-D3D57AD306BA", "versionEndExcluding": "4.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*", "matchCriteriaId": "926563F5-E868-4E88-A1F8-B29624FB2438", "versionEndExcluding": "2.5.5", "versionStartIncluding": "2.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*", "matchCriteriaId": "F01F27AB-A8F6-455B-9495-821520435771", "versionEndExcluding": "3.1.2", "versionStartIncluding": "3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "matchCriteriaId": "894BC4D6-EBB6-4743-A860-170D7D31196A", "versionEndExcluding": "6.5.5", "versionStartIncluding": "6.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D23900B-C027-44C5-B912-9F7F71C7EBD1", "versionEndExcluding": "7.1.2", "versionStartIncluding": "7.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*", "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", 
"vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks." }, { "lang": "es", "value": "Fuga de memoria en pngrutil.c en libpng anteriores a v1.2.44 y v1.4.x anteriores a v.1.4.3, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una imagen que contiene un troceado mal formado del Physical Scale (tambi\u00e9n conocido como sCAL)" } ], "id": "CVE-2010-2249", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2010-06-30T18:30:01.847", "references": [ { "source": "secalert@redhat.com", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40302" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40336" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40472" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40547" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/41574" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/42314" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/42317" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.613061" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://support.apple.com/kb/HT4435" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4456" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4457" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4554" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://support.apple.com/kb/HT4566" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2072" }, { "source": "secalert@redhat.com", "tags": [ "Product", "Vendor Advisory" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/41174" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1024723" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-960-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1612" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1637" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1755" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1846" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1877" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/3045" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/3046" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608644" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/59816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], 
"url": "http://secunia.com/advisories/40336" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40547" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/41574" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/42314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/42317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.613061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://support.apple.com/kb/HT4435" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://support.apple.com/kb/HT4566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Vendor Advisory" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/41174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1024723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-960-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1612" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1637" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1877" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/3045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/3046" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608644" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59816" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-401" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-01-18 18:59
Modified
2025-06-09 16:15
Severity ?
Summary
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
References
Source | URL | Tags | |
---|---|---|---|
cret@cert.org | http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html | Vendor Advisory | |
cret@cert.org | http://secunia.com/advisories/62725 | Permissions Required, Third Party Advisory | |
cret@cert.org | http://sourceforge.net/p/png-mng/mailman/message/33173461/ | Third Party Advisory | |
cret@cert.org | http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt | Exploit | |
cret@cert.org | http://www.openwall.com/lists/oss-security/2015/01/10/1 | Exploit, Third Party Advisory | |
cret@cert.org | http://www.openwall.com/lists/oss-security/2015/01/10/3 | Exploit | |
cret@cert.org | http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | Third Party Advisory | |
cret@cert.org | https://security.netapp.com/advisory/ntap-20240719-0005/ | ||
cret@cert.org | https://support.apple.com/HT206167 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/62725 | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/p/png-mng/mailman/message/33173461/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/01/10/1 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/01/10/3 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240719-0005/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206167 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | solaris | 11.2 | |
libpng | libpng | * | |
libpng | libpng | 1.6.0 | |
libpng | libpng | 1.6.0 | |
libpng | libpng | 1.6.1 | |
libpng | libpng | 1.6.1 | |
libpng | libpng | 1.6.2 | |
libpng | libpng | 1.6.2 | |
libpng | libpng | 1.6.3 | |
libpng | libpng | 1.6.3 | |
libpng | libpng | 1.6.4 | |
libpng | libpng | 1.6.4 | |
libpng | libpng | 1.6.5 | |
libpng | libpng | 1.6.6 | |
libpng | libpng | 1.6.7 | |
libpng | libpng | 1.6.7 | |
libpng | libpng | 1.6.8 | |
libpng | libpng | 1.6.8 | |
libpng | libpng | 1.6.9 | |
libpng | libpng | 1.6.9 | |
libpng | libpng | 1.6.10 | |
libpng | libpng | 1.6.10 | |
libpng | libpng | 1.6.11 | |
libpng | libpng | 1.6.11 | |
libpng | libpng | 1.6.12 | |
libpng | libpng | 1.6.13 | |
libpng | libpng | 1.6.13 | |
libpng | libpng | 1.6.14 | |
libpng | libpng | 1.6.14 | |
libpng | libpng | 1.6.15 | |
libpng | libpng | 1.6.15 | |
apple | mac_os_x | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1C288F-326B-497B-B26C-D26E01262DDB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "83D384F2-90CA-4A6A-82C0-95F572099E78", "versionEndIncluding": "1.5.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7A0D174-F35C-488B-8577-00EFB7741089", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.0:beta:*:*:*:*:*:*", "matchCriteriaId": "051989A3-3F72-4223-98DF-54B0488656F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EDC5DA5-F2A7-4819-BB9D-258EB9AB7857", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.1:beta:*:*:*:*:*:*", "matchCriteriaId": "02FCC235-9564-4B92-B1AB-294EAB110E95", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "27B34D78-C0BC-45DC-AD84-F5F13451ED7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.2:beta:*:*:*:*:*:*", "matchCriteriaId": "40C344C8-812C-4EDE-9AD6-31EF7F0E24C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3D3A7EC-774C-423F-BDE1-CDCB9433D87B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.3:beta:*:*:*:*:*:*", "matchCriteriaId": "B9353E66-56D2-4CD1-BC30-5B2FF0F4E722", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B898B95-CF41-4813-8FE7-776BD59A6A9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.4:beta:*:*:*:*:*:*", "matchCriteriaId": "5D9BF9ED-965A-4BF5-A3EC-FAFCE880F14A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9F5E5899-5A3F-49A1-B18C-4C97566B87BA", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "C7897EEC-DE43-485A-B2CD-E8623A6D2C8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "ACC16FE2-E94E-45B9-94F0-B6434B21DD2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.7:beta:*:*:*:*:*:*", "matchCriteriaId": "278434CA-DD56-47FC-9C15-4B9D4159786C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "8C8DAE31-CCA9-450D-90E5-B8F0490FB944", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.8:beta:*:*:*:*:*:*", "matchCriteriaId": "0C5712AB-1A98-45DB-8384-5CD70D03684C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "52FEB5C9-0C13-4FD6-876C-AAE7ED4E986C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.9:beta:*:*:*:*:*:*", "matchCriteriaId": "B2903D2B-A99A-4120-88DC-A1DF59085F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "2337F9F3-D26D-4A24-880A-800CD5C16795", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.10:beta:*:*:*:*:*:*", "matchCriteriaId": "D97CC2D1-657A-48D7-8035-89986341B56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "31F71BA3-5402-448E-9068-EB0DCA1D62EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.11:beta:*:*:*:*:*:*", "matchCriteriaId": "3539DE6A-05BE-47EB-A89F-D3E4D98FC014", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.12:beta:*:*:*:*:*:*", "matchCriteriaId": "4A004603-261B-49DB-B15B-A8EE0F3AB4BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "AD67323A-8463-4B8F-B370-40C2ACFF4D8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.13:beta:*:*:*:*:*:*", "matchCriteriaId": 
"6944746B-2032-4088-A7EB-EE004F12274E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "2BBA4F43-0FD0-4D7D-84A0-37C8E79B9B29", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.14:beta:*:*:*:*:*:*", "matchCriteriaId": "7AC27CC2-D64C-4AED-A0DF-F6F2920D7AB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "71E01CC8-1C29-4C46-8213-B48A2364CE8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.15:beta:*:*:*:*:*:*", "matchCriteriaId": "2A8396AB-D983-4F04-A9F5-FA120A0E0AF6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82", "versionEndIncluding": "10.11.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495." }, { "lang": "es", "value": "Desbordamiento de buffer en la funci\u00f3n png_read_IDAT_data en pngrutil.c en libpng anterior a 1.5.21 y 1.6.x anterior a 1.6.16 permite a atacantes dependientes de contexto ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos IDAT con una anchura grande, una vulnerabilidad diferente a CVE-2014-9495." 
} ], "id": "CVE-2015-0973", "lastModified": "2025-06-09T16:15:24.780", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2015-01-18T18:59:03.020", "references": [ { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "source": "cret@cert.org", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "http://secunia.com/advisories/62725" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/" }, { "source": "cret@cert.org", "tags": [ "Exploit" ], "url": "http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt" }, { "source": "cret@cert.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/1" }, { "source": "cret@cert.org", "tags": [ "Exploit" ], "url": 
"http://www.openwall.com/lists/oss-security/2015/01/10/3" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "source": "cret@cert.org", "url": "https://security.netapp.com/advisory/ntap-20240719-0005/" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "http://secunia.com/advisories/62725" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240719-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206167" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { 
"lang": "en", "value": "CWE-120" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2012-07-22 17:55
Modified
2025-04-11 00:51
Severity: HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow.
References
Source | URL | Tags | |
---|---|---|---|
product-security@apple.com | http://secunia.com/advisories/47827 | Vendor Advisory | |
product-security@apple.com | http://secunia.com/advisories/49660 | Vendor Advisory | |
product-security@apple.com | http://security.gentoo.org/glsa/glsa-201206-15.xml | ||
product-security@apple.com | http://www.libpng.org/pub/png/libpng.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/47827 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49660 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201206-15.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.libpng.org/pub/png/libpng.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | 1.5.0 | |
libpng | libpng | 1.5.1 | |
libpng | libpng | 1.5.1 | |
libpng | libpng | 1.5.2 | |
libpng | libpng | 1.5.2 | |
libpng | libpng | 1.5.3 | |
libpng | libpng | 1.5.4 | |
libpng | libpng | 1.5.4 | |
libpng | libpng | 1.5.5 | |
libpng | libpng | 1.5.5 | |
libpng | libpng | 1.5.6 | |
libpng | libpng | 1.5.6 | |
libpng | libpng | 1.5.7 | |
libpng | libpng | 1.5.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.5.0:beta:*:*:*:*:*:*", "matchCriteriaId": "C8BA2974-AF9F-4382-B443-F54354B5623A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE8BC209-45B9-44D6-A26D-0B570ED5BB19", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:beta:*:*:*:*:*:*", "matchCriteriaId": "468B1A0E-AF58-42C4-9801-D6F83F283360", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "6644ED2F-66F3-469D-8233-72FE7321E850", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:beta:*:*:*:*:*:*", "matchCriteriaId": "B36D610D-F86A-4D46-B0F2-884FFA601C69", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.3:beta:*:*:*:*:*:*", "matchCriteriaId": "C8A976DD-87FA-425D-8E07-E3CFC4D3FD05", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "3F34978D-6ABE-463E-AB48-21CC55B7D157", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:beta:*:*:*:*:*:*", "matchCriteriaId": "3716FF0E-AD20-46F8-B8F6-3EC42D427C90", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A4568BB-F5FF-4BBB-9DA3-E66C2BFA2416", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:beta:*:*:*:*:*:*", "matchCriteriaId": "E5300EC4-B3A0-42C5-8D39-67AB75C47153", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "246CF13F-FDC1-499E-9FC1-5624D54E9E3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:beta:*:*:*:*:*:*", "matchCriteriaId": "D5840A8E-AB64-40A9-8BB6-EB6BA51D40B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AC66FD43-421B-4223-BA32-EC47B51E1091", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.7:beta:*:*:*:*:*:*", 
"matchCriteriaId": "EEC9D57C-47F2-4773-85B6-FFB0C4681E0C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow." }, { "lang": "es", "value": "Error de superaci\u00f3n de l\u00edmite (off-by-one) en la funci\u00f3n png_formatted_warning en pngerror.c en libpng v1.5.4 1.5.7 podr\u00eda permitir a trav\u00e9s de los atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, que desencadenan un desbordamiento de b\u00fafer basado en pila." } ], "id": "CVE-2011-3464", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-07-22T17:55:01.163", "references": [ { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/47827" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49660" }, { "source": "product-security@apple.com", "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "source": 
"product-security@apple.com", "url": "http://www.libpng.org/pub/png/libpng.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/47827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.libpng.org/pub/png/libpng.html" } ], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-06-30 18:30
Modified
2025-04-11 00:51
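Severity: CRITICAL (CVSS v3.1 base score 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); HIGH under CVSS v2.0 (base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)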
Summary
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://blackberry.com/btsc/KB27244 | Broken Link | |
cve@mitre.org | http://code.google.com/p/chromium/issues/detail?id=45983 | Exploit, Issue Tracking, Mailing List, Third Party Advisory | |
cve@mitre.org | http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html | Release Notes, Third Party Advisory | |
cve@mitre.org | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18 | ||
cve@mitre.org | http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000105.html | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/40302 | Broken Link | |
cve@mitre.org | http://secunia.com/advisories/40336 | Broken Link | |
cve@mitre.org | http://secunia.com/advisories/40472 | Broken Link | |
cve@mitre.org | http://secunia.com/advisories/40547 | Broken Link | |
cve@mitre.org | http://secunia.com/advisories/41574 | Broken Link | |
cve@mitre.org | http://secunia.com/advisories/42314 | Broken Link | |
cve@mitre.org | http://secunia.com/advisories/42317 | Broken Link | |
cve@mitre.org | http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | http://support.apple.com/kb/HT4312 | Third Party Advisory | |
cve@mitre.org | http://support.apple.com/kb/HT4435 | Broken Link | |
cve@mitre.org | http://support.apple.com/kb/HT4456 | Third Party Advisory | |
cve@mitre.org | http://support.apple.com/kb/HT4457 | Third Party Advisory | |
cve@mitre.org | http://support.apple.com/kb/HT4554 | Third Party Advisory | |
cve@mitre.org | http://support.apple.com/kb/HT4566 | Broken Link | |
cve@mitre.org | http://trac.webkit.org/changeset/61816 | Patch, Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2010/dsa-2072 | Third Party Advisory | |
cve@mitre.org | http://www.libpng.org/pub/png/libpng.html | Product, Vendor Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2010:133 | Broken Link | |
cve@mitre.org | http://www.mozilla.org/security/announce/2010/mfsa2010-41.html | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/41174 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.ubuntu.com/usn/USN-960-1 | Third Party Advisory | |
cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0014.html | Patch, Third Party Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2010/1612 | Broken Link | |
cve@mitre.org | http://www.vupen.com/english/advisories/2010/1637 | Broken Link | |
cve@mitre.org | http://www.vupen.com/english/advisories/2010/1755 | Broken Link | |
cve@mitre.org | http://www.vupen.com/english/advisories/2010/1837 | Broken Link | |
cve@mitre.org | http://www.vupen.com/english/advisories/2010/1846 | Broken Link | |
cve@mitre.org | http://www.vupen.com/english/advisories/2010/1877 | Broken Link | |
cve@mitre.org | http://www.vupen.com/english/advisories/2010/2491 | Broken Link | |
cve@mitre.org | http://www.vupen.com/english/advisories/2010/3045 | Broken Link | |
cve@mitre.org | http://www.vupen.com/english/advisories/2010/3046 | Broken Link | |
cve@mitre.org | https://bugs.webkit.org/show_bug.cgi?id=40798 | Permissions Required, Third Party Advisory | |
cve@mitre.org | https://bugzilla.mozilla.org/show_bug.cgi?id=570451 | Exploit, Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=608238 | Issue Tracking, Patch, Third Party Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/59815 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://blackberry.com/btsc/KB27244 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://code.google.com/p/chromium/issues/detail?id=45983 | Exploit, Issue Tracking, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000105.html | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40302 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40336 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40472 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40547 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41574 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42314 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42317 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4312 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4435 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4456 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4457 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4554 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4566 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://trac.webkit.org/changeset/61816 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2072 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.libpng.org/pub/png/libpng.html | Product, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:133 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/2010/mfsa2010-41.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/41174 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-960-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0014.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1612 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1637 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1755 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1837 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1846 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1877 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/2491 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/3045 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/3046 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.webkit.org/show_bug.cgi?id=40798 | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=570451 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=608238 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/59815 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | * | |
libpng | libpng | * | |
google | chrome | * | |
apple | itunes | * | |
apple | safari | * | |
apple | iphone_os | * | |
apple | mac_os_x | * | |
apple | mac_os_x_server | * | |
fedoraproject | fedora | 12 | |
fedoraproject | fedora | 13 | |
opensuse | opensuse | 11.1 | |
opensuse | opensuse | 11.2 | |
suse | linux_enterprise_server | 9 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
vmware | player | * | |
vmware | player | * | |
vmware | workstation | * | |
vmware | workstation | * | |
canonical | ubuntu_linux | 6.06 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 9.04 | |
canonical | ubuntu_linux | 9.10 | |
canonical | ubuntu_linux | 10.04 | |
debian | debian_linux | 5.0 | |
mozilla | firefox | * | |
mozilla | firefox | * | |
mozilla | seamonkey | * | |
mozilla | thunderbird | * | |
mozilla | thunderbird | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A7768B8-2319-4AAF-B38E-A3B21A37B0FE", "versionEndExcluding": "1.2.44", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "13C02A4C-7A19-4F0D-A192-C031833576D6", "versionEndExcluding": "1.4.3", "versionStartIncluding": "1.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D0EC41A-6188-4918-864D-A30F4C011707", "versionEndExcluding": "5.0.375.99", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE850901-4B2A-4C98-836A-40683CB02FB4", "versionEndExcluding": "10.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "57A2B591-583F-4644-A900-4890FEFEE18C", "versionEndExcluding": "5.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D97C1BD-57D8-4131-B437-6BA9F41C8F50", "versionEndIncluding": "4.1", "versionStartIncluding": "2.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "25512493-BB20-46B2-B40A-74E67F0797B6", "versionEndExcluding": "10.6.4", "versionStartIncluding": "10.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD7461BE-1CAC-46D6-95E6-1B2DFC5A4CCF", "versionEndExcluding": "10.6.4", "versionStartIncluding": "10.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", 
"matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*", "matchCriteriaId": "926563F5-E868-4E88-A1F8-B29624FB2438", "versionEndExcluding": "2.5.5", "versionStartIncluding": "2.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*", "matchCriteriaId": "F01F27AB-A8F6-455B-9495-821520435771", "versionEndExcluding": "3.1.2", "versionStartIncluding": "3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "matchCriteriaId": "894BC4D6-EBB6-4743-A860-170D7D31196A", "versionEndExcluding": "6.5.5", "versionStartIncluding": "6.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D23900B-C027-44C5-B912-9F7F71C7EBD1", "versionEndExcluding": "7.1.2", "versionStartIncluding": "7.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { 
"nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*", "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "016DCEE3-2209-4494-A1F8-58422056B29D", "versionEndExcluding": "3.5.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DDD9439-D312-4AB2-87E6-2E2154F191C1", "versionEndExcluding": "3.6.7", "versionStartIncluding": "3.5.12", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FAC42ED-38D9-4D2F-945E-B19F267B36FB", "versionEndExcluding": "2.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "C49B7B3C-9F1D-4260-B07A-1B7B8ACE04FD", "versionEndExcluding": "3.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "76D0ADB0-B60C-4108-AA8A-49766BEC6C01", "versionEndExcluding": "3.1.1", "versionStartIncluding": "3.0.7", "vulnerable": 
true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row." }, { "lang": "es", "value": "Desbordamiento de buffer en el fichero pngpread.c en libpng anteriores a 1.2.44 y 1.4.x anteriores a 1.4.3, como se utiliza en aplicaciones progresivas, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario mediante una imagen PNG que desencadena una serie de datos adicionales." } ], "id": "CVE-2010-1205", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2010-06-30T18:30:01.333", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://blackberry.com/btsc/KB27244" }, { "source": "cve@mitre.org", "tags": [
"Exploit", "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://code.google.com/p/chromium/issues/detail?id=45983" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html" }, { "source": "cve@mitre.org", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" 
}, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40302" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40336" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40472" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40547" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/41574" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/42314" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/42317" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.613061" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4312" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://support.apple.com/kb/HT4435" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4456" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4457" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4554" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://support.apple.com/kb/HT4566" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://trac.webkit.org/changeset/61816" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2072" }, { "source": "cve@mitre.org", "tags": [ "Product", "Vendor Advisory" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "source": "cve@mitre.org", 
"tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-41.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/41174" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-960-1" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1612" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1637" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1755" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1846" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1877" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/3045" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/3046" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://bugs.webkit.org/show_bug.cgi?id=40798" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=570451" }, 
{ "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59815" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://blackberry.com/btsc/KB27244" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://code.google.com/p/chromium/issues/detail?id=45983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40336" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40547" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/41574" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/42314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/42317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": 
"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.613061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://support.apple.com/kb/HT4435" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://support.apple.com/kb/HT4566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://trac.webkit.org/changeset/61816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Vendor Advisory" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-41.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/41174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-960-1" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1612" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1637" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1877" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/3045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/3046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://bugs.webkit.org/show_bug.cgi?id=40798" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=570451" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59815" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-04-14 16:05
Modified
2025-04-09 00:30
Summary
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://libpng.sourceforge.net/Advisory-1.2.26.txt | ||
secalert@redhat.com | http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html | ||
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html | ||
secalert@redhat.com | http://secunia.com/advisories/29678 | ||
secalert@redhat.com | http://secunia.com/advisories/29792 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/29957 | ||
secalert@redhat.com | http://secunia.com/advisories/29992 | ||
secalert@redhat.com | http://secunia.com/advisories/30009 | ||
secalert@redhat.com | http://secunia.com/advisories/30157 | ||
secalert@redhat.com | http://secunia.com/advisories/30174 | ||
secalert@redhat.com | http://secunia.com/advisories/30402 | ||
secalert@redhat.com | http://secunia.com/advisories/30486 | ||
secalert@redhat.com | http://secunia.com/advisories/31882 | ||
secalert@redhat.com | http://secunia.com/advisories/33137 | ||
secalert@redhat.com | http://secunia.com/advisories/34152 | ||
secalert@redhat.com | http://secunia.com/advisories/34388 | ||
secalert@redhat.com | http://secunia.com/advisories/35074 | ||
secalert@redhat.com | http://secunia.com/advisories/35258 | ||
secalert@redhat.com | http://secunia.com/advisories/35302 | ||
secalert@redhat.com | http://secunia.com/advisories/35386 | ||
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200804-15.xml | ||
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200805-10.xml | ||
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200812-15.xml | ||
secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.541247 | ||
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 | ||
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 | ||
secalert@redhat.com | http://support.apple.com/kb/HT3549 | ||
secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm | ||
secalert@redhat.com | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0151 | ||
secalert@redhat.com | http://www.debian.org/security/2009/dsa-1750 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:156 | ||
secalert@redhat.com | http://www.ocert.org/advisories/ocert-2008-003.html | ||
secalert@redhat.com | http://www.osvdb.org/44364 | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0333.html | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/490823/100/0/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/491424/100/0/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/503912/100/0/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/bid/28770 | ||
secalert@redhat.com | http://www.securitytracker.com/id?1019840 | ||
secalert@redhat.com | http://www.us-cert.gov/cas/techalerts/TA08-260A.html | US Government Resource | |
secalert@redhat.com | http://www.us-cert.gov/cas/techalerts/TA09-133A.html | US Government Resource | |
secalert@redhat.com | http://www.vmware.com/security/advisories/VMSA-2009-0007.html | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2008/1225/references | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2008/2584 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1297 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1451 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1462 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1560 | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/41800 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10326 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6275 | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00033.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00080.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00111.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00721.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00951.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00960.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://libpng.sourceforge.net/Advisory-1.2.26.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29678 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29792 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29957 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29992 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30009 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30157 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30174 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30402 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30486 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31882 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33137 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34152 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34388 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35074 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35258 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35302 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35386 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200804-15.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200805-10.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200812-15.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.541247 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3549 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0151 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1750 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:156 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ocert.org/advisories/ocert-2008-003.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/44364 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0333.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/490823/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/491424/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/503912/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28770 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1019840 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA08-260A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-133A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0007.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1225/references | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2584 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1297 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1451 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1462 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1560 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41800 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10326 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6275 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00033.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00080.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00111.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00721.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00951.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00960.html |
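Impacted products
Note: rows that repeat the same version presumably correspond to separate CPE entries whose qualifier is not shown in this rendering, and the list is not contiguous; when checking an installed libpng, compare it against the version ranges given in the Summary above rather than against this enumerated list.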
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.10 | |
libpng | libpng | 1.0.10 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.12 | |
libpng | libpng | 1.0.12 | |
libpng | libpng | 1.0.12 | |
libpng | libpng | 1.0.13 | |
libpng | libpng | 1.0.14 | |
libpng | libpng | 1.0.15 | |
libpng | libpng | 1.0.15 | |
libpng | libpng | 1.0.15 | |
libpng | libpng | 1.0.15 | |
libpng | libpng | 1.0.16 | |
libpng | libpng | 1.0.17 | |
libpng | libpng | 1.0.18 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.20 | |
libpng | libpng | 1.0.21 | |
libpng | libpng | 1.0.21 | |
libpng | libpng | 1.0.21 | |
libpng | libpng | 1.0.22 | |
libpng | libpng | 1.0.22 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.24 | |
libpng | libpng | 1.0.24 | |
libpng | libpng | 1.0.25 | |
libpng | libpng | 1.0.25 | |
libpng | libpng | 1.0.25 | |
libpng | libpng | 1.0.26 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.28 | |
libpng | libpng | 1.0.28 | |
libpng | libpng | 1.0.28 | |
libpng | libpng | 1.0.28 | |
libpng | libpng | 1.0.28 | |
libpng | libpng | 1.0.28 | |
libpng | libpng | 1.0.29 | |
libpng | libpng | 1.0.29 | |
libpng | libpng | 1.0.29 | |
libpng | libpng | 1.0.29 | |
libpng | libpng | 1.0.29 | |
libpng | libpng | 1.0.30 | |
libpng | libpng | 1.0.30 | |
libpng | libpng | 1.0.31 | |
libpng | libpng | 1.0.31 | |
libpng | libpng | 1.0.32 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.4 | |
libpng | libpng | 1.2.4 | |
libpng | libpng | 1.2.4 | |
libpng | libpng | 1.2.4 | |
libpng | libpng | 1.2.5 | |
libpng | libpng | 1.2.5 | |
libpng | libpng | 1.2.5 | |
libpng | libpng | 1.2.5 | |
libpng | libpng | 1.2.5 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.7 | |
libpng | libpng | 1.2.7 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.16 | |
libpng | libpng | 1.2.16 | |
libpng | libpng | 1.2.16 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
libpng | libpng | 1.4 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:a:*:*:*:*:*:*", "matchCriteriaId": "4CF9C3AB-DE2A-485E-A7C6-442B239447B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:d:*:*:*:*:*:*", "matchCriteriaId": "A8F3EAC4-FB4B-429B-8C9E-EA19C970B712", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:e:*:*:*:*:*:*", "matchCriteriaId": "01B1755E-1F7A-4E8D-9726-63DC4FC4029A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:f:*:*:*:*:*:*", "matchCriteriaId": "E4648C1A-13C1-4082-AFC1-EE9B7EBC401C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:g:*:*:*:*:*:*", "matchCriteriaId": "EF340285-5195-445C-ADB2-F1EF2FF901CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:h:*:*:*:*:*:*", "matchCriteriaId": "B64DD9BF-26E3-4BEE-BFE0-FFD523600CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:i:*:*:*:*:*:*", "matchCriteriaId": "7F0C5F5B-96E1-41F5-A233-487A929B2590", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:j:*:*:*:*:*:*", "matchCriteriaId": "5A0CCEEC-A625-4BF8-8696-BF6260AD8445", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta11:*:*:*:*:*:*", "matchCriteriaId": "B2DF0E03-3EC6-400A-9AF6-B653053C17D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta12:*:*:*:*:*:*", "matchCriteriaId": "5216F808-88C7-4E1A-9FCE-C8DE5680AAB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta13:*:*:*:*:*:*", "matchCriteriaId": "52C6D2E3-1617-4530-845D-40188526D238", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta14:*:*:*:*:*:*", "matchCriteriaId": "6E17E296-E69C-48C7-9B7F-FC85BCB7FF9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta15:*:*:*:*:*:*", "matchCriteriaId": "36F3EFF1-08E9-42C0-ACC9-55A22BDEE978", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta16:*:*:*:*:*:*", 
"matchCriteriaId": "E9D10792-38F4-488F-9E08-15FF15A9A3BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta17:*:*:*:*:*:*", "matchCriteriaId": "AA9ED9B2-D9D4-4200-B387-21A893453E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:beta18:*:*:*:*:*:*", "matchCriteriaId": "3983C9FC-7546-41BE-8E22-B3471DF9F3AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "BFAB3DFB-58B7-4713-B88B-26424D639B02", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:rc2:*:*:*:*:*:*", "matchCriteriaId": "2131F2BB-80E3-46A0-A0D8-4450C625A525", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:beta1:*:*:*:*:*:*", "matchCriteriaId": "C686308E-1A71-40E5-BCDE-5144217D41A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:beta2:*:*:*:*:*:*", "matchCriteriaId": "D1F37F93-8BE1-4716-B35D-1CB2629867A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:beta3:*:*:*:*:*:*", "matchCriteriaId": "AF4127BB-2A91-4243-B3ED-10D945B6995A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:beta4:*:*:*:*:*:*", "matchCriteriaId": "E09AAB1F-14FB-42E9-8983-30D2164EA0E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "50190A04-5CF2-400E-BAE4-9C7F177ECFE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta1:*:*:*:*:*:*", "matchCriteriaId": "AFB264E6-1640-459C-8DD0-C9D72124F125", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta10:*:*:*:*:*:*", "matchCriteriaId": "2A6E3454-14E2-43C8-8E71-1E800FCBE9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta2:*:*:*:*:*:*", "matchCriteriaId": "BA610E96-CE50-46B0-B695-F4A5FA77AB73", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta3:*:*:*:*:*:*", "matchCriteriaId": "30459EAB-E65B-4487-A90F-389477F0BA56", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.0.9:beta4:*:*:*:*:*:*", "matchCriteriaId": "E89FFA90-6AB5-4587-8F40-E7001E4DD470", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta5:*:*:*:*:*:*", "matchCriteriaId": "A2FDACC8-7BFD-477E-A79A-C933CB5C8EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta6:*:*:*:*:*:*", "matchCriteriaId": "9139F742-A946-4D2F-9C14-95216C06ED4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta7:*:*:*:*:*:*", "matchCriteriaId": "0DBCDA70-BB1B-4408-A2F3-ADB7A7B77A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta8:*:*:*:*:*:*", "matchCriteriaId": "AA4D368C-C167-4CF3-9013-FFC297D1D977", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:beta9:*:*:*:*:*:*", "matchCriteriaId": "D3571DD2-5200-48AE-83C9-B1DFF3A1FEAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "782DFA55-BB92-41CD-A4DF-D986C387EB8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "2601CCF9-3A89-4EEF-9941-894AEAF89F23", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.10:beta1:*:*:*:*:*:*", "matchCriteriaId": "BFE11FC5-8A49-434E-B828-AE7C011B03CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "265EC12C-6239-4367-9769-73AC999556F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:beta1:*:*:*:*:*:*", "matchCriteriaId": "6DA772E3-B022-4F5E-8D43-C0BE64F187D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:beta2:*:*:*:*:*:*", "matchCriteriaId": "C6589696-904B-4F7B-84F7-0E8D2F0ACFA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:beta3:*:*:*:*:*:*", "matchCriteriaId": "F5CF8EED-F09B-4AB8-A0F1-1F8DBB5385BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"C3909436-175A-4DC7-956F-C0905DA579FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "086C6335-7872-46A7-AEB1-9BE5AE5A788C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.12:beta1:*:*:*:*:*:*", "matchCriteriaId": "CB0532A8-3F66-49D3-95BF-2E78DB6EC471", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "FED11C9F-4E2D-4364-AEEC-43E61531BA9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FF8233B1-04A0-4E25-97EE-CF466B48A12E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "FA714E7E-05EF-4598-9324-887BC66C675E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "C5CF3B73-D3B9-4D76-B411-C837BCE0806E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "CEC7C52B-0D8D-4509-B9B5-B12E54EA3A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "AB0514ED-C8F8-4F15-A40F-04D643F3DB60", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "D77DCDC0-29DD-4BC8-BE30-3A348963F821", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "D1752D91-3468-4E22-B60F-6789B3CBD7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "F433AA7E-A780-4D45-AD1A-5A4CE1F3FCD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "93E210A7-489B-4EA7-A840-599523157DD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "B37565FA-72F5-4063-8D7A-97BC269F020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:rc1:*:*:*:*:*:*", 
"matchCriteriaId": "434AED09-680D-43BC-B9CA-E78028035CDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "009AF32A-19B9-4E56-B5D2-2D19082EF102", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "2643AA61-AB01-4252-8E50-81D5C74F8707", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "02552E07-D9C8-4DF8-AD63-B3A7B5C2C2DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "BC8FA821-818E-4BC7-834B-94EB5C042390", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "F3FBF3D3-95A6-4869-8A69-F0E5ECA40220", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.21:rc1:*:*:*:*:*:*", "matchCriteriaId": "425B207B-D11B-468B-A2C6-BDF276AE4264", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.21:rc2:*:*:*:*:*:*", "matchCriteriaId": "F8B0055B-D0F1-4D8C-AE96-06315FFCC602", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "D07785D0-E995-4208-AB8C-43B320D291F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.22:rc1:*:*:*:*:*:*", "matchCriteriaId": "A42AC8B9-BEB2-4495-8A42-2AEDB29A3DA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "152DDD6E-CF56-4E1C-BE4D-C7BC0FD9B08C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:rc1:*:*:*:*:*:*", "matchCriteriaId": "76C2D14E-FD1C-430A-AC08-D61F997D8BA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:rc2:*:*:*:*:*:*", "matchCriteriaId": "5B34C747-1D67-458A-B9D1-FA61954F7067", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:rc3:*:*:*:*:*:*", "matchCriteriaId": "16E618FC-38AA-477A-8F8E-BC5BFB0713C1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.0.23:rc4:*:*:*:*:*:*", "matchCriteriaId": "0149BCA7-DCFC-449B-8AD5-DC6F9BBC80B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:rc5:*:*:*:*:*:*", "matchCriteriaId": "31D2BD41-12CE-47F1-ABD5-BE7AFFABF96B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "19BBA666-4473-4C6D-BF48-34EF3F09AD7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.24:rc1:*:*:*:*:*:*", "matchCriteriaId": "75767F08-B52A-412D-ADA8-1E23777DA2DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "B7DDF6CC-7997-47E7-96D3-8DC10F1D17F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.25:rc1:*:*:*:*:*:*", "matchCriteriaId": "854C857C-762D-400D-AFB6-3353558D0D82", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.25:rc2:*:*:*:*:*:*", "matchCriteriaId": "BB239211-BF7F-4357-B19F-221147CFC37E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "A1926DD0-0A9B-4F9D-BB4F-AC7AB0B3F0E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "2763A6C7-DBBA-4E2A-917C-B6FF524B9891", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.27:rc1:*:*:*:*:*:*", "matchCriteriaId": "D357DF0B-E6CB-4E24-9AE3-6A2C9A422AF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.27:rc2:*:*:*:*:*:*", "matchCriteriaId": "8C5BFEAD-9028-4F69-AB72-6004B0885A68", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.27:rc3:*:*:*:*:*:*", "matchCriteriaId": "9277C1BB-81B7-4971-B68B-20672AEC1644", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.27:rc4:*:*:*:*:*:*", "matchCriteriaId": "588913EA-69A8-4053-9181-37FB0E8DA273", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.27:rc5:*:*:*:*:*:*", "matchCriteriaId": "D7D20090-A8E7-47D8-AD67-327B01315BA0", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.27:rc6:*:*:*:*:*:*", "matchCriteriaId": "896D47F2-4F84-4F32-9F94-90F9B5F36BE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "E7DECDF8-7742-4D58-99FA-100A01748B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:rc2:*:*:*:*:*:*", "matchCriteriaId": "01590CB5-4BAA-43CC-802F-3486EAD52BCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:rc3:*:*:*:*:*:*", "matchCriteriaId": "6DEAD5D0-7D13-4B46-AC43-3F0A5291A53B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:rc4:*:*:*:*:*:*", "matchCriteriaId": "45E0E86E-3932-4EE2-B34C-D5861FD16187", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:rc5:*:*:*:*:*:*", "matchCriteriaId": "C6435C47-5DC0-4EB6-984D-9231EB334AFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:rc6:*:*:*:*:*:*", "matchCriteriaId": "2DF231E5-CD60-4D4D-9A08-443C8CA500F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "CA4FD3B1-3A68-4122-AA50-31BFC6C50408", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.29:beta1:*:*:*:*:*:*", "matchCriteriaId": "828BE0B5-8DF7-4C29-B55B-6AA01FBFD004", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.29:rc1:*:*:*:*:*:*", "matchCriteriaId": "B654AFC2-0A1D-477F-A922-B235B9EF83D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.29:rc2:*:*:*:*:*:*", "matchCriteriaId": "100CCE68-F893-441B-ABF4-DAF968BD623C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.29:rc3:*:*:*:*:*:*", "matchCriteriaId": "B3E393C0-85F8-49E4-929C-A390E0F3D884", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "45790331-CE26-457F-8649-F027703E73EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.30:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"A840A036-BBE0-4DAC-A7D9-11A3C48FC131", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "0B0BFE2D-5C7B-42E0-B783-8C5907CA8635", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.31:rc01:*:*:*:*:*:*", "matchCriteriaId": "6D366AD3-5FC2-4B75-8002-D966DC337261", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "7CD993C1-70B6-4ACB-B958-94E7EF973A8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "F008946C-43E9-4ECD-AE9F-486A4686AE87", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "6A4D6BB0-8E1A-49A4-BBC9-CBFA252C92A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "CFE1DB59-0A60-432B-9D88-906C4FE6D6B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "C111BDD4-2A52-4FB7-8D21-6049A10BCDA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "6B33807C-8E7B-4A04-BE92-59C1B845AD42", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1614466-8EAC-4404-A674-EFFE0FFFBDC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "FF2D5068-5BF3-425C-8B1A-E12E3D3CD8F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:beta2:*:*:*:*:*:*", "matchCriteriaId": "BF4F7833-4F88-4C54-AEC7-3C4FB797AE38", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:beta3:*:*:*:*:*:*", "matchCriteriaId": "F2A973ED-CA5B-4A18-ACAB-1542E3866896", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:beta4:*:*:*:*:*:*", "matchCriteriaId": "FA737702-6335-42F9-99B9-856D531B70F3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "8EAD9719-2736-40AE-BBEB-8BA627E8DF7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "62693E5F-2EF6-49B5-9946-42CE61F4ACFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:beta1:*:*:*:*:*:*", "matchCriteriaId": "65ACA253-BDE7-4CAE-8F74-71EBA4728358", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:beta2:*:*:*:*:*:*", "matchCriteriaId": "9C776F58-A76E-4ED3-825B-52ADFB38D0E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:beta3:*:*:*:*:*:*", "matchCriteriaId": "FF62B46E-37C4-426A-8854-E961BEB543E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:beta4:*:*:*:*:*:*", "matchCriteriaId": "C5EDDB54-70C6-41D0-AC5C-C10F8D107964", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:beta5:*:*:*:*:*:*", "matchCriteriaId": "CAEAB037-F146-444F-A867-D08BD48DA6F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:beta6:*:*:*:*:*:*", "matchCriteriaId": "4962A86F-C9F5-4F03-AFCD-D2E6FD08BD06", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "47CF2A43-2D15-4D70-A424-C12053D1A6A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "6AF8999B-86FF-4EC2-8EF3-C7461A6EBF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "F79E13B4-A826-47E9-BE30-E5D9864E8681", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "C6577A0A-B689-424E-BAAE-BD5DF2615311", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:rc4:*:*:*:*:*:*", "matchCriteriaId": "6FA7418E-2F52-4F24-8722-8CA9781943F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:rc5:*:*:*:*:*:*", "matchCriteriaId": "BABFD5AE-95DD-478E-8E55-1541C4EF3D2B", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:rc6:*:*:*:*:*:*", "matchCriteriaId": "511E1319-C882-4761-ACD5-84617B78578E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.4:beta1:*:*:*:*:*:*", "matchCriteriaId": "27A6EDED-CB33-4C80-B9C0-9774CC1455B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.4:beta2:*:*:*:*:*:*", "matchCriteriaId": "0CB4A1D0-2360-4191-AE7C-0B1B4E0FB34B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.4:beta3:*:*:*:*:*:*", "matchCriteriaId": "2D252442-7A38-4AD7-9CEA-DD5B090726DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "203E0B7E-7ED5-4F89-8E12-BDA590DC7DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "64DCD92E-792F-4A6F-AF83-1B04E3B9F62E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "225CEEB5-1CE9-4818-A299-77516A26F30C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A4DD7CF-90BD-4DD3-9E1A-7D2F527CAC53", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "6BA5FE79-5C4C-47E5-9DF2-CEF37F139389", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:rc3:*:*:*:*:*:*", "matchCriteriaId": "A434DDF7-A9D4-42AE-8A92-41E45C42B683", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:beta1:*:*:*:*:*:*", "matchCriteriaId": "1608ABE4-8EE7-4280-B8E0-D4518BA1D706", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:beta2:*:*:*:*:*:*", "matchCriteriaId": "0AECC80A-1D17-4BFD-92D6-6CFBAF88BEFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:beta3:*:*:*:*:*:*", "matchCriteriaId": "F29E6D8C-3691-4451-AB5F-48574C98A551", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:beta4:*:*:*:*:*:*", "matchCriteriaId": 
"D8C90D1A-B862-4B43-B5BB-67DE455DFC4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "5C56374A-0D57-4545-B538-20964F392996", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "08722144-6645-4321-8340-6E68DF1AFE99", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "2C30D261-CBE2-4E3A-9ED0-9D2DFB04D465", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:rc4:*:*:*:*:*:*", "matchCriteriaId": "665B34A9-4331-4FC4-BB78-D6EE89827D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:rc5:*:*:*:*:*:*", "matchCriteriaId": "4B9D5E28-E8E0-47F6-8728-18F2DDE0DCCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.7:beta1:*:*:*:*:*:*", "matchCriteriaId": "093976B1-BC7C-4671-B4B1-0FB94D0F699A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.7:beta2:*:*:*:*:*:*", "matchCriteriaId": "C248EEB8-1510-40A4-B37B-E8F9AAE8687C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:beta1:*:*:*:*:*:*", "matchCriteriaId": "51C96068-1E81-430D-9C5F-A4273CA0BBEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:beta2:*:*:*:*:*:*", "matchCriteriaId": "243E4DB3-2553-48E9-9DA2-8AF955389EC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:beta3:*:*:*:*:*:*", "matchCriteriaId": "E85CE44F-46D0-46F4-B4AB-271A9BC271EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:beta4:*:*:*:*:*:*", "matchCriteriaId": "2716FBF4-5BDB-4D76-AC79-AB9158DA1241", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:beta5:*:*:*:*:*:*", "matchCriteriaId": "CFD6B80F-7574-4A9F-AC40-7E357EE3F50F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "244D10AC-1C34-4D18-AB06-F9C2C9F564BF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "8DBEEA4A-8175-4E06-8346-93541868A6BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "C3CC9D97-1C0F-4A48-9F2A-A74960A84D08", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "A692466A-6258-4D90-B362-9797B03CDB9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:rc5:*:*:*:*:*:*", "matchCriteriaId": "9BE92591-5AD8-47D0-BDDE-350C2BFB5736", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta1:*:*:*:*:*:*", "matchCriteriaId": "B5E6F6A5-0844-4625-8AA4-E1CA8E15C1DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta10:*:*:*:*:*:*", "matchCriteriaId": "786B4160-C9E9-4EDD-83D9-741576FDDF2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta2:*:*:*:*:*:*", "matchCriteriaId": "039D87A3-49FA-4C02-B137-42D4407DD4A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta3:*:*:*:*:*:*", "matchCriteriaId": "FEEA0BB0-24E2-4D13-ACD6-BC4DD7878AB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta4:*:*:*:*:*:*", "matchCriteriaId": "D7981F07-C65C-4AA8-8653-786FD6A50BD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta5:*:*:*:*:*:*", "matchCriteriaId": "EE280017-8064-416B-AFA2-3DC8D2B1331B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta6:*:*:*:*:*:*", "matchCriteriaId": "CA584B09-52A3-4D87-8B72-B704069766E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta7:*:*:*:*:*:*", "matchCriteriaId": "A10C7AE8-85C0-4CD1-910B-320FE52AD542", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta8:*:*:*:*:*:*", "matchCriteriaId": "6763A6C3-53E3-41AF-B5DF-4ACDC5371AFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:beta9:*:*:*:*:*:*", "matchCriteriaId": 
"1693150F-E485-47D9-A957-C0A8FEFC8844", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F08FBEB-3FA9-4C57-9CD7-717C41F352C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E83B68F-B0E2-4C37-A711-1714652AB961", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta2:*:*:*:*:*:*", "matchCriteriaId": "4F17A4B7-99C2-407A-9536-4B54EDC02899", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta3:*:*:*:*:*:*", "matchCriteriaId": "F854F244-78C9-46C6-8862-1DA58912FCE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta4:*:*:*:*:*:*", "matchCriteriaId": "9A4C883A-A2A3-4D5F-8114-CE9220FFF7B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta5:*:*:*:*:*:*", "matchCriteriaId": "3544F0FF-3EEE-4902-B412-EB57D6AE7A4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta6:*:*:*:*:*:*", "matchCriteriaId": "5F428FF4-21A8-4605-AFCD-E78F43E46AE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:beta7:*:*:*:*:*:*", "matchCriteriaId": "7132AA21-DC2F-4493-9BCC-27E3D8F075AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "B65F8362-934F-452D-8E86-0DB2E3C7B43D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "934D0AB5-62FB-4EC1-971A-A1BA8EEAD008", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "5891F237-D1DB-4CCE-8A8B-D10E7EDCB926", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:beta1:*:*:*:*:*:*", "matchCriteriaId": "E114E18D-2882-4843-9356-279C69ABCBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:beta2:*:*:*:*:*:*", "matchCriteriaId": "5E271694-B8C8-4BCF-8B4A-0425BA50EF6A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.11:beta3:*:*:*:*:*:*", "matchCriteriaId": "E36CC085-34FF-4B84-8628-74BEEC686C88", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:beta4:*:*:*:*:*:*", "matchCriteriaId": "06793BE6-3370-4FCB-A400-C6AF95D1E66D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "DE742D36-3A33-4316-8326-FA2F1B228E83", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "25D0C5E1-4D8D-42EE-8C94-12D442181DCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "3326F984-8312-4E7F-A269-0A06FAC8BE25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:rc5:*:*:*:*:*:*", "matchCriteriaId": "290CF6FC-3BD6-4974-9DEC-188B79DC816A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:beta1:*:*:*:*:*:*", "matchCriteriaId": "782ABB64-C2F2-4326-A69F-75E514055C38", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "0EF9CEE2-8DB6-480F-970C-E19FEF31D0A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "28C13A65-C0D6-4904-8C92-E5233D7E5CC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:beta1:*:*:*:*:*:*", "matchCriteriaId": "38993FC7-12DD-4D75-8EC6-719C0AD66191", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:beta2:*:*:*:*:*:*", "matchCriteriaId": "0CAF82B9-020B-48FD-BE3D-70B8A7A8CDA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "C43481DF-59C5-4E9B-8CB9-49E4873B7263", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta1:*:*:*:*:*:*", "matchCriteriaId": "BFFC71CB-0B01-4A34-85B8-8A27C1E7D451", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta2:*:*:*:*:*:*", "matchCriteriaId": 
"EC53C1C7-ED9C-44C2-B446-0426E4C92D16", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta3:*:*:*:*:*:*", "matchCriteriaId": "B996835E-97DB-47B1-80B9-BE757680CAFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta4:*:*:*:*:*:*", "matchCriteriaId": "AC7256E6-502A-47A5-A692-90162AA40AAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta5:*:*:*:*:*:*", "matchCriteriaId": "53E7BDBC-5BF8-4BA3-959D-1D16ACD558D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:beta6:*:*:*:*:*:*", "matchCriteriaId": "79B6B4A0-9B7E-4835-9F82-2B1D1AF955AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "27BBC74C-51A3-48BB-B867-3A5F58AD8B4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "3DEDAB32-9D5C-4F12-B9E4-ABEA615DC11B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "C3DA5585-140C-4F27-8654-BCFCB12659B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:rc4:*:*:*:*:*:*", "matchCriteriaId": "AA8F6085-9769-44DE-8E43-FAB7C7791A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:rc5:*:*:*:*:*:*", "matchCriteriaId": "5A4D700F-AA36-4A5B-8BD3-3BD9A452D743", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.16:beta1:*:*:*:*:*:*", "matchCriteriaId": "D6045135-54AF-4B83-9279-47BB1DB67172", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.16:beta2:*:*:*:*:*:*", "matchCriteriaId": "DBB7D1F1-7959-4459-827C-90B193F58269", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "62A6F2F0-E088-458F-813F-5B45EA01B77F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:beta1:*:*:*:*:*:*", "matchCriteriaId": "96308F2E-E2DE-4C0F-B0A6-7FDFFF67A0A5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.17:beta2:*:*:*:*:*:*", "matchCriteriaId": "7A21785C-989F-4E72-932B-E77892EF492A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:rc1:*:*:*:*:*:*", "matchCriteriaId": "0D832C4A-0793-4B64-944D-086CF614CAEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:rc2:*:*:*:*:*:*", "matchCriteriaId": "7C8E2232-7077-4CE4-9141-80F2F744F0B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:rc3:*:*:*:*:*:*", "matchCriteriaId": "38CDA418-F580-4625-9D84-F01EA5D0FC5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:rc4:*:*:*:*:*:*", "matchCriteriaId": "D0FB8DC5-ABD5-41BE-99EC-E610504D6F50", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta1:*:*:*:*:*:*", "matchCriteriaId": "53B41406-956A-48C9-9CDA-D7257D19E6F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta10:*:*:*:*:*:*", "matchCriteriaId": "B100CFD4-788C-44BF-A55D-225F72314A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta11:*:*:*:*:*:*", "matchCriteriaId": "7B6BFCBC-F3E9-4CDD-833F-01D51594B0F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta12:*:*:*:*:*:*", "matchCriteriaId": "589DC20E-E642-4BC7-83CD-01323D7F6236", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta13:*:*:*:*:*:*", "matchCriteriaId": "6A9B81C1-EAF8-44B6-A4FD-2568FFBB6FEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta14:*:*:*:*:*:*", "matchCriteriaId": "22EBF19B-7E53-4627-AE87-6B7C4ACD88F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta15:*:*:*:*:*:*", "matchCriteriaId": "43744C82-D271-4BF3-9AD8-A48C1B5BA33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta16:*:*:*:*:*:*", "matchCriteriaId": "FD68995C-816C-4E25-B8B3-0BC808490D73", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta17:*:*:*:*:*:*", "matchCriteriaId": 
"6EDC3AE7-569F-4016-B35E-E8B8B3456959", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta18:*:*:*:*:*:*", "matchCriteriaId": "17068432-BFE0-4BE1-A86B-7D6562D18103", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta19:*:*:*:*:*:*", "matchCriteriaId": "A0F0F2AF-748A-411A-8B95-45A04800FF72", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta2:*:*:*:*:*:*", "matchCriteriaId": "945C0B80-E562-4495-849E-23EE406D2EA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta20:*:*:*:*:*:*", "matchCriteriaId": "5E91B287-CDFC-4791-95D5-54AC847877D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta21:*:*:*:*:*:*", "matchCriteriaId": "1F09C15E-E20C-473D-AF13-5509669DA8FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta22:*:*:*:*:*:*", "matchCriteriaId": "36FD7096-C215-4CCA-B0BE-244E9708E947", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta23:*:*:*:*:*:*", "matchCriteriaId": "4AC8DAFE-64A5-47C6-BE99-093E744181B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta24:*:*:*:*:*:*", "matchCriteriaId": "C075C36D-D191-4165-A2A8-A8BA6AD93862", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta25:*:*:*:*:*:*", "matchCriteriaId": "F7E9A4DE-C0B7-4951-97D2-26EFFE065A5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta26:*:*:*:*:*:*", "matchCriteriaId": "6B9FC583-AA79-4ED1-924B-DE58FBB88385", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta27:*:*:*:*:*:*", "matchCriteriaId": "727FA534-FB49-4784-A56E-D709071FFEE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta28:*:*:*:*:*:*", "matchCriteriaId": "17628553-688B-4574-9B2A-035937225DD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta29:*:*:*:*:*:*", "matchCriteriaId": "E96F2F5A-A881-4EDC-965F-43984EA06151", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.19:beta3:*:*:*:*:*:*", "matchCriteriaId": "26E9442B-FCA7-42A3-9E73-343D9FF11985", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta30:*:*:*:*:*:*", "matchCriteriaId": "1EB24053-49FC-488C-8DC4-12F5A485EC39", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta31:*:*:*:*:*:*", "matchCriteriaId": "653700ED-B2E3-4DD1-99A1-ED0B4504E628", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta4:*:*:*:*:*:*", "matchCriteriaId": "101240B5-FAC7-4D47-9C4A-840D06E082EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta5:*:*:*:*:*:*", "matchCriteriaId": "608088FF-8EED-4F05-96EA-0E23F669C078", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta6:*:*:*:*:*:*", "matchCriteriaId": "82401AB8-5432-4D75-ADC2-A310132EB9C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta7:*:*:*:*:*:*", "matchCriteriaId": "CECEDABC-F229-43F7-9795-9E87198424D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta8:*:*:*:*:*:*", "matchCriteriaId": "712E5798-A0FC-44E7-972A-D2EF66F5C793", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:beta9:*:*:*:*:*:*", "matchCriteriaId": "82690AE3-BFFA-4616-AE30-35A6D21DFC1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "4D0082F7-DDD3-4266-B604-D1E2958ABAE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "00A32AD4-38C7-41BE-8042-9BCED336AA42", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "BC96DBDE-15A7-4C63-8C71-AA5CD158E306", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "834A6D33-2334-4361-92CE-8AECAF3614CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:rc5:*:*:*:*:*:*", "matchCriteriaId": 
"AFC3A80A-4C35-419F-B576-40A3FAD37723", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "D0FCC174-9216-433D-A5CB-A7C275DD9D94", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:beta01:*:*:*:*:*:*", "matchCriteriaId": "01EF52B3-BAD3-4E0C-B19C-3465A036B025", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:beta02:*:*:*:*:*:*", "matchCriteriaId": "1685F3BF-635D-43DD-855D-7666D807AE3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:beta03:*:*:*:*:*:*", "matchCriteriaId": "BAA8FF97-98D2-425F-935C-36951DFEE029", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:beta04:*:*:*:*:*:*", "matchCriteriaId": "1CEE9078-6B9F-4BA1-A6BE-25743B02FE25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:rc1:*:*:*:*:*:*", "matchCriteriaId": "BE1A8933-9958-458B-A511-D018B7CA7D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:rc2:*:*:*:*:*:*", "matchCriteriaId": "100BF4B6-2A63-416A-B19F-722A9B44F126", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:rc3:*:*:*:*:*:*", "matchCriteriaId": "4DD8FB59-2260-4343-B4D6-279ED7D7D5E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:rc4:*:*:*:*:*:*", "matchCriteriaId": "FDDCE2DE-94B7-460D-8BBB-26ACA4847807", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:rc5:*:*:*:*:*:*", "matchCriteriaId": "A812C450-8E1F-4667-99EC-7237E1E319E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:rc6:*:*:*:*:*:*", "matchCriteriaId": "AD94AB7F-B7CF-42B0-AB71-23F42F3F1067", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:rc3:*:*:*:*:*:*", "matchCriteriaId": "5460DA6B-6F81-4B8C-9D8F-DB946E3F33EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta1:*:*:*:*:*:*", "matchCriteriaId": "45E92521-FE62-4940-B194-A8482538401B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.22:beta2:*:*:*:*:*:*", "matchCriteriaId": "6DF7D5B4-A8BD-4F3B-8DB3-D5AB94086A32", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta2-1.2.21:*:*:*:*:*:*", "matchCriteriaId": "B0A244FC-545E-4041-B922-B1B640E7E371", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta3:*:*:*:*:*:*", "matchCriteriaId": "40F8973E-8150-4834-8D9B-370F3664E894", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta3-1.2.21:*:*:*:*:*:*", "matchCriteriaId": "B9C93F2F-533D-4563-95F2-E94A2CCE9C39", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta4:*:*:*:*:*:*", "matchCriteriaId": "73045C50-73FE-4162-8E8B-7721131E4396", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:beta4-1.2.21:*:*:*:*:*:*", "matchCriteriaId": "C89DFAAD-279A-462D-BF72-D75CC24E72E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:rc1:*:*:*:*:*:*", "matchCriteriaId": "1879D7C8-ABF1-4ECE-BBC7-71978695D4C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:rc1-1.2.21:*:*:*:*:*:*", "matchCriteriaId": "1B27B3A2-04E1-4261-AA70-30EE2AA934F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta01:*:*:*:*:*:*", "matchCriteriaId": "CA60D3F3-149B-4A76-9F35-4A0A127ADF65", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta02:*:*:*:*:*:*", "matchCriteriaId": "3D625A71-5F2D-446A-BD69-1470B4127DAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta03:*:*:*:*:*:*", "matchCriteriaId": "00C85EF8-8D8A-4ED8-B55B-2182421626CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta04:*:*:*:*:*:*", "matchCriteriaId": "6D65DCF8-D9A6-4A9E-8171-C52E12EB1476", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:beta05:*:*:*:*:*:*", "matchCriteriaId": "C5114A9B-263F-4BBF-9A6A-F6E0900CDD78", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:rc01:*:*:*:*:*:*", 
"matchCriteriaId": "4CD12B3A-27B6-4BD4-90B5-874B677689FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:beta01:*:*:*:*:*:*", "matchCriteriaId": "27988956-B3F4-428A-B369-C5E01A2F9102", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:beta02:*:*:*:*:*:*", "matchCriteriaId": "B4D45B16-C278-4ABF-8B91-CFA0AB384290", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:beta03:*:*:*:*:*:*", "matchCriteriaId": "247153A0-CF83-4D6E-A657-5D8D217D8EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:rc01:*:*:*:*:*:*", "matchCriteriaId": "53D03C1D-684A-4BA5-841B-C414AD244DFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta01:*:*:*:*:*:*", "matchCriteriaId": "9F89EDB5-A195-479B-BEFB-E0A186A4A9D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta02:*:*:*:*:*:*", "matchCriteriaId": "02BAC6A6-FBE9-48CD-9B4E-FC570684922B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta03:*:*:*:*:*:*", "matchCriteriaId": "E695F515-AE7E-48AB-999C-75B62BEA0BE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta04:*:*:*:*:*:*", "matchCriteriaId": "D448D4A5-D827-4FF8-BAC1-E25FD8F01C41", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta05:*:*:*:*:*:*", "matchCriteriaId": "935F2297-6CB4-4ABB-9F4D-F11708CDC069", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:beta06:*:*:*:*:*:*", "matchCriteriaId": "25ED23F7-DF30-46B2-99EF-3924E22C1870", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:rc01:*:*:*:*:*:*", "matchCriteriaId": "6FB56358-46E4-4999-A311-5E1819A6D5DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:rc02:*:*:*:*:*:*", "matchCriteriaId": "F508CFA5-5602-445C-9E18-71B6A625F9E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:beta01:*:*:*:*:*:*", "matchCriteriaId": "897D42F6-202B-425A-BF0D-76D1A74D8E67", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:beta02:*:*:*:*:*:*", "matchCriteriaId": "50300181-3691-4EA2-B779-1C9CF59E08FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:beta03:*:*:*:*:*:*", "matchCriteriaId": "CABA31D9-9EC0-4447-9C5E-8BC5DF5F431D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:beta04:*:*:*:*:*:*", "matchCriteriaId": "D4568552-91F6-4E05-ADA5-4127CBD4D3EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:beta05:*:*:*:*:*:*", "matchCriteriaId": "D72D51C0-1044-4A74-823F-7123340FB9BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:beta06:*:*:*:*:*:*", "matchCriteriaId": "BF7EE024-3E34-4452-A832-751BBC109086", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:rc01:*:*:*:*:*:*", "matchCriteriaId": "947395DE-A911-47B3-983D-B5D23672068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta1:*:*:*:*:*:*", "matchCriteriaId": "DE24B381-8144-43C2-94EE-B5702B7B5EDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta10:*:*:*:*:*:*", "matchCriteriaId": "794EB3E2-2111-44A9-9980-417613450E44", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta11:*:*:*:*:*:*", "matchCriteriaId": "A8C106DD-69E9-41FE-8642-74A1A6FF1123", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta12:*:*:*:*:*:*", "matchCriteriaId": "953C2842-7F1D-4EF4-A2D2-4A3CA2D6D3D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta13:*:*:*:*:*:*", "matchCriteriaId": "BB29C385-6A32-4857-AF7A-CA609C90C824", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta14:*:*:*:*:*:*", "matchCriteriaId": "15B8C015-7E59-4B05-91E1-EA3EF2B22F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta15:*:*:*:*:*:*", "matchCriteriaId": "0CA68AE1-6C85-4657-BA59-8C03E7C2B748", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta16:*:*:*:*:*:*", "matchCriteriaId": 
"76940407-3D93-4528-ADC9-CE98F7C0FA53", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta17:*:*:*:*:*:*", "matchCriteriaId": "04433179-590B-448E-8192-5661A95908DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta18:*:*:*:*:*:*", "matchCriteriaId": "5D3F5172-3B73-4A90-A061-8F831785B6A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta19:*:*:*:*:*:*", "matchCriteriaId": "BAC754C3-8B70-48A8-9DB8-9336534633C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta2:*:*:*:*:*:*", "matchCriteriaId": "6BF05CA3-1200-4789-B5B3-537F9756F322", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta3:*:*:*:*:*:*", "matchCriteriaId": "A2AA4F92-A968-4F4D-AA74-375B425E271A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta4:*:*:*:*:*:*", "matchCriteriaId": "42A1CD34-107B-4B46-87A5-40B93CB3C612", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta5:*:*:*:*:*:*", "matchCriteriaId": "8611DAC7-310F-44BD-B9DD-24C44F50ED62", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta6:*:*:*:*:*:*", "matchCriteriaId": "C6CF21B5-43AB-4802-AEE5-944B32BB8AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta7:*:*:*:*:*:*", "matchCriteriaId": "C0CA8A77-4558-4822-9F6A-9C11256E1241", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta8:*:*:*:*:*:*", "matchCriteriaId": "404F62B4-6D97-4075-B127-F9E3905F49A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4:beta9:*:*:*:*:*:*", "matchCriteriaId": "B91A59A4-71BF-4428-8036-E08091FA8663", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length \"unknown\" chunks, 
which trigger an access of uninitialized memory." }, { "lang": "es", "value": "libpng versions de la 1.0.6 hasta la 1.0.32, 1.2.0 hasta la 1.2.26 y 1.4.0beta01 hasta la 1.4.0beta19, permiten a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo PNG con fragmentos desconocidos de longitud cero, lo que dispara un acceso de memoria no inicializada." } ], "id": "CVE-2008-1382", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-04-14T16:05:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://libpng.sourceforge.net/Advisory-1.2.26.txt" }, { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" }, { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/29678" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29792" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/29957" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/29992" }, 
{ "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30009" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30157" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30174" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30402" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30486" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31882" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33137" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/34152" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/34388" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35074" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35258" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35302" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35386" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200804-15.xml" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200805-10.xml" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200812-15.xml" }, { "source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.541247" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT3549" }, { "source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "source": "secalert@redhat.com", "url": 
"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0151" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2009/dsa-1750" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:156" }, { "source": "secalert@redhat.com", "url": "http://www.ocert.org/advisories/ocert-2008-003.html" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/44364" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-0333.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/490823/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/491424/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/28770" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1019840" }, { "source": "secalert@redhat.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" }, { "source": "secalert@redhat.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "source": "secalert@redhat.com", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1225/references" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/2584" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/1451" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "source": "secalert@redhat.com", "url": 
"http://www.vupen.com/english/advisories/2009/1560" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41800" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10326" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6275" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00033.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00080.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00111.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00721.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00951.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00960.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libpng.sourceforge.net/Advisory-1.2.26.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29792" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29992" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30009" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30402" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30486" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35258" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200804-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200805-10.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200812-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.541247" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3549" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0151" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/advisories/ocert-2008-003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/44364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-0333.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/490823/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/491424/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019840" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": 
"http://www.us-cert.gov/cas/techalerts/TA08-260A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1225/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2584" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1451" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10326" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00080.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00111.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00721.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00951.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00960.html" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1382\n\nThis issue does not affect the version of libpng as shipped with Red Hat Enterprise Linux 3.\n\nUpdates for affected versions of Red Hat Enterprise Linux can be found here:\nhttp://rhn.redhat.com/errata/RHSA-2009-0333.html", "lastModified": "2009-03-04T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-27 20:55
Modified
2025-04-12 10:46
Summary
The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.
References
Source | URL | Tags | |
---|---|---|---|
cret@cert.org | ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff | Patch | |
cret@cert.org | http://lists.opensuse.org/opensuse-updates/2014-03/msg00029.html | ||
cret@cert.org | http://www.kb.cert.org/vuls/id/684412 | Patch, US Government Resource | |
cret@cert.org | https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-03/msg00029.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/684412 | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | 1.6.0 | |
libpng | libpng | 1.6.0 | |
libpng | libpng | 1.6.1 | |
libpng | libpng | 1.6.1 | |
libpng | libpng | 1.6.2 | |
libpng | libpng | 1.6.2 | |
libpng | libpng | 1.6.3 | |
libpng | libpng | 1.6.3 | |
libpng | libpng | 1.6.4 | |
libpng | libpng | 1.6.4 | |
libpng | libpng | 1.6.5 | |
libpng | libpng | 1.6.6 | |
libpng | libpng | 1.6.7 | |
libpng | libpng | 1.6.7 | |
libpng | libpng | 1.6.8 | |
libpng | libpng | 1.6.8 | |
libpng | libpng | 1.6.9 | |
libpng | libpng | 1.6.9 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7A0D174-F35C-488B-8577-00EFB7741089", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.0:beta:*:*:*:*:*:*", "matchCriteriaId": "051989A3-3F72-4223-98DF-54B0488656F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EDC5DA5-F2A7-4819-BB9D-258EB9AB7857", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.1:beta:*:*:*:*:*:*", "matchCriteriaId": "02FCC235-9564-4B92-B1AB-294EAB110E95", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "27B34D78-C0BC-45DC-AD84-F5F13451ED7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.2:beta:*:*:*:*:*:*", "matchCriteriaId": "40C344C8-812C-4EDE-9AD6-31EF7F0E24C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3D3A7EC-774C-423F-BDE1-CDCB9433D87B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.3:beta:*:*:*:*:*:*", "matchCriteriaId": "B9353E66-56D2-4CD1-BC30-5B2FF0F4E722", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B898B95-CF41-4813-8FE7-776BD59A6A9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.4:beta:*:*:*:*:*:*", "matchCriteriaId": "5D9BF9ED-965A-4BF5-A3EC-FAFCE880F14A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9F5E5899-5A3F-49A1-B18C-4C97566B87BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "C7897EEC-DE43-485A-B2CD-E8623A6D2C8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "ACC16FE2-E94E-45B9-94F0-B6434B21DD2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.7:beta:*:*:*:*:*:*", "matchCriteriaId": 
"278434CA-DD56-47FC-9C15-4B9D4159786C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "8C8DAE31-CCA9-450D-90E5-B8F0490FB944", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.8:beta:*:*:*:*:*:*", "matchCriteriaId": "0C5712AB-1A98-45DB-8384-5CD70D03684C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "52FEB5C9-0C13-4FD6-876C-AAE7ED4E986C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.9:beta:*:*:*:*:*:*", "matchCriteriaId": "B2903D2B-A99A-4120-88DC-A1DF59085F59", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero." }, { "lang": "es", "value": "La funci\u00f3n png_push_read_chunk en pngpread.c en el decodificador progresivo en libpng 1.6.x hasta 1.6.9 permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito y consumo de CPU) a trav\u00e9s de un fragmento IDAT con una longitud cero." 
} ], "id": "CVE-2014-0333", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-27T20:55:04.850", "references": [ { "source": "cret@cert.org", "tags": [ "Patch" ], "url": "ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00029.html" }, { "source": "cret@cert.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/684412" }, { "source": "cret@cert.org", "url": "https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/684412" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-7354)
Published
2014-05-06 14:55
Modified
2025-06-09 16:15
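Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (Secondary)
5.0 (Medium) - CVSS v2.0 AV:N/AC:L/Au:N/C:N/I:N/A:P (Primary)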
Summary
Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html | ||
cve@mitre.org | http://seclists.org/oss-sec/2014/q2/83 | ||
cve@mitre.org | http://sourceforge.net/p/libpng/bugs/199/ | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/67344 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2014/q2/83 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/p/libpng/bugs/199/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/67344 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | * | |
libpng | libpng | 1.5.0 | |
libpng | libpng | 1.5.1 | |
libpng | libpng | 1.5.1 | |
libpng | libpng | 1.5.2 | |
libpng | libpng | 1.5.2 | |
libpng | libpng | 1.5.3 | |
libpng | libpng | 1.5.4 | |
libpng | libpng | 1.5.4 | |
libpng | libpng | 1.5.5 | |
libpng | libpng | 1.5.5 | |
libpng | libpng | 1.5.6 | |
libpng | libpng | 1.5.6 | |
libpng | libpng | 1.5.7 | |
libpng | libpng | 1.5.7 | |
libpng | libpng | 1.5.8 | |
libpng | libpng | 1.5.8 | |
libpng | libpng | 1.5.9 | |
libpng | libpng | 1.5.9 | |
libpng | libpng | 1.5.10 | |
libpng | libpng | 1.5.11 | |
libpng | libpng | 1.5.11 | |
libpng | libpng | 1.5.12 | |
libpng | libpng | 1.5.13 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "63A83C24-6658-4687-9391-21EE7969A5E4", "versionEndIncluding": "1.5.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.0:beta:*:*:*:*:*:*", "matchCriteriaId": "C8BA2974-AF9F-4382-B443-F54354B5623A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE8BC209-45B9-44D6-A26D-0B570ED5BB19", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:beta:*:*:*:*:*:*", "matchCriteriaId": "468B1A0E-AF58-42C4-9801-D6F83F283360", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "6644ED2F-66F3-469D-8233-72FE7321E850", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:beta:*:*:*:*:*:*", "matchCriteriaId": "B36D610D-F86A-4D46-B0F2-884FFA601C69", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.3:beta:*:*:*:*:*:*", "matchCriteriaId": "C8A976DD-87FA-425D-8E07-E3CFC4D3FD05", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "3F34978D-6ABE-463E-AB48-21CC55B7D157", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:beta:*:*:*:*:*:*", "matchCriteriaId": "3716FF0E-AD20-46F8-B8F6-3EC42D427C90", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A4568BB-F5FF-4BBB-9DA3-E66C2BFA2416", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:beta:*:*:*:*:*:*", "matchCriteriaId": "E5300EC4-B3A0-42C5-8D39-67AB75C47153", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "246CF13F-FDC1-499E-9FC1-5624D54E9E3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:beta:*:*:*:*:*:*", "matchCriteriaId": "D5840A8E-AB64-40A9-8BB6-EB6BA51D40B4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AC66FD43-421B-4223-BA32-EC47B51E1091", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.7:beta:*:*:*:*:*:*", "matchCriteriaId": "EEC9D57C-47F2-4773-85B6-FFB0C4681E0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F0F5664B-5AB9-4DE4-99AA-8FD32DBA4A4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.8:beta:*:*:*:*:*:*", "matchCriteriaId": "5CD1C8E6-DF35-47F7-877F-001AD62B57CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "C7712376-D776-4814-A041-FBFEAC70ADC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.9:beta:*:*:*:*:*:*", "matchCriteriaId": "DF69B34E-F7FB-4F4C-AF7D-ACD165B1233B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.10:beta:*:*:*:*:*:*", "matchCriteriaId": "F7CC2E64-E48C-4DE6-892D-06A0B806A51B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "65DEDF02-9239-497C-94DB-DAF80B6B4F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.11:beta:*:*:*:*:*:*", "matchCriteriaId": "5BE62DB2-664D-4E0A-840F-09D13E41704A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "8CAAECD8-0C16-40CC-BA8A-97DF38BAF668", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.13:beta:*:*:*:*:*:*", "matchCriteriaId": "561D5D7A-1933-4A6D-940E-8DD035AA31B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow." 
}, { "lang": "es", "value": "M\u00faltiples desbordamientos de enteros en libpng anterior a 1.5.14rc03 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un imagen manipulado hacia la funci\u00f3n (1) png_set_sPLT o (2) png_set_text_2, lo que provoca un desbordamiento de buffer basado en memoria din\u00e1mica." } ], "id": "CVE-2013-7354", "lastModified": "2025-06-09T16:15:24.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2014-05-06T14:55:05.043", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html" }, { "source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q2/83" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://sourceforge.net/p/libpng/bugs/199/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67344" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q2/83" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://sourceforge.net/p/libpng/bugs/199/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67344" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-122" }, { "lang": "en", "value": "CWE-190" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd (CVE-2017-12652)
Published
2019-07-10 15:15
Modified
2025-06-09 16:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/109269 | Broken Link, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE | Release Notes, Third Party Advisory | |
cve@mitre.org | https://github.com/pnggroup/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55 | ||
cve@mitre.org | https://security.netapp.com/advisory/ntap-20220506-0003/ | Third Party Advisory | |
cve@mitre.org | https://support.f5.com/csp/article/K88124225 | Third Party Advisory | |
cve@mitre.org | https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109269 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220506-0003/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K88124225 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K88124225?utm_source=f5support&%3Butm_medium=RSS |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | * | |
netapp | active_iq_unified_manager | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7CB8F9C-2796-478B-898D-74AD09F9EC4F", "versionEndExcluding": "1.6.32", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libpng before 1.6.32 does not properly check the length of chunks against the user limit." }, { "lang": "es", "value": "En libpng anterior a versi\u00f3n 1.6.32, no comprueba apropiadamente la longitud de fragmentos en comparaci\u00f3n con el l\u00edmite del usuario." } ], "id": "CVE-2017-12652", "lastModified": "2025-06-09T16:15:26.200", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": 
"LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2019-07-10T15:15:10.993", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/109269" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE" }, { "source": "cve@mitre.org", "url": "https://github.com/pnggroup/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220506-0003/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K88124225" }, { "source": "cve@mitre.org", "url": "https://support.f5.com/csp/article/K88124225?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/109269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220506-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://support.f5.com/csp/article/K88124225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K88124225?utm_source=f5support\u0026amp%3Butm_medium=RSS" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd (CVE-2011-0408)
Published
2011-01-18 18:03
Modified
2025-04-11 00:51
Severity
6.8 (Medium) - CVSS v2.0 AV:N/AC:M/Au:N/C:P/I:P/A:P
Summary
pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information.
References
Source | URL | Tags | |
---|---|---|---|
cret@cert.org | ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-1.5.0-diff.txt | ||
cret@cert.org | ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-README.txt | ||
cret@cert.org | http://osvdb.org/70417 | ||
cret@cert.org | http://secunia.com/advisories/42863 | Vendor Advisory | |
cret@cert.org | http://securitytracker.com/id?1024955 | ||
cret@cert.org | http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org&forum_name=png-mng-implement | ||
cret@cert.org | http://www.kb.cert.org/vuls/id/643140 | US Government Resource | |
cret@cert.org | http://www.vupen.com/english/advisories/2011/0080 | Vendor Advisory | |
cret@cert.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/64637 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-1.5.0-diff.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-README.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/70417 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42863 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1024955 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org&forum_name=png-mng-implement | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/643140 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0080 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/64637 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E2ECD2B-A847-42FB-B5B3-DAFC40B2E513", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "pngrtran.c en libpng v1.5.x anterior a v1.5.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen PNG manipulada que provoca un desbordamiento de b\u00fafer, relacionados con la funci\u00f3n png_do_expand_palette, la funci\u00f3n png_do_rgb_to_gray, y un desbordamiento de enteros. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros." 
} ], "id": "CVE-2011-0408", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-01-18T18:03:08.423", "references": [ { "source": "cret@cert.org", "url": "ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-1.5.0-diff.txt" }, { "source": "cret@cert.org", "url": "ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-README.txt" }, { "source": "cret@cert.org", "url": "http://osvdb.org/70417" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42863" }, { "source": "cret@cert.org", "url": "http://securitytracker.com/id?1024955" }, { "source": "cret@cert.org", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org\u0026forum_name=png-mng-implement" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/643140" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0080" }, { "source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64637" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-1.5.0-diff.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-README.txt" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/70417" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42863" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1024955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org\u0026forum_name=png-mng-implement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/643140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64637" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-07-17 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339 | ||
secalert@redhat.com | http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2012/May/msg00001.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://secunia.com/advisories/45046 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45405 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45415 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45445 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45460 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45461 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45492 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/49660 | Broken Link | |
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201206-15.xml | Third Party Advisory | |
secalert@redhat.com | http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement | Exploit, Issue Tracking, Third Party Advisory | |
secalert@redhat.com | http://support.apple.com/kb/HT5002 | Third Party Advisory | |
secalert@redhat.com | http://support.apple.com/kb/HT5281 | Third Party Advisory | |
secalert@redhat.com | http://www.debian.org/security/2011/dsa-2287 | Third Party Advisory | |
secalert@redhat.com | http://www.kb.cert.org/vuls/id/819894 | Third Party Advisory, US Government Resource | |
secalert@redhat.com | http://www.libpng.org/pub/png/libpng.html | Product, Vendor Advisory | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:151 | Broken Link | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/07/13/2 | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2011-1103.html | Broken Link | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2011-1104.html | Broken Link | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2011-1105.html | Broken Link | |
secalert@redhat.com | http://www.securityfocus.com/bid/48618 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.ubuntu.com/usn/USN-1175-1 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=720612 | Issue Tracking, Patch, Third Party Advisory | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/68536 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2012/May/msg00001.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45046 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45405 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45415 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45445 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45460 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45461 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45492 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49660 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201206-15.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5002 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5281 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2287 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/819894 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.libpng.org/pub/png/libpng.html | Product, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:151 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/07/13/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-1103.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-1104.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-1105.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/48618 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1175-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=720612 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/68536 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | * | |
libpng | libpng | * | |
libpng | libpng | * | |
libpng | libpng | * | |
fedoraproject | fedora | 14 | |
debian | debian_linux | 5.0 | |
debian | debian_linux | 6.0 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 10.10 | |
canonical | ubuntu_linux | 11.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "457596BD-6D1A-4BF6-AB6B-00C015282A5C", "versionEndExcluding": "1.0.55", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E0A4818-9441-4057-BF47-EDC25FC9A3D2", "versionEndExcluding": "1.2.45", "versionStartIncluding": "1.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "66F5725F-4C45-48C1-B31C-7A25E735AE49", "versionEndExcluding": "1.4.8", "versionStartIncluding": "1.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "25E29B1D-F756-40BE-8419-4224391D8D61", "versionEndExcluding": "1.5.4", "versionStartIncluding": "1.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "matchCriteriaId": "BDE52846-24EC-4068-B788-EC7F915FFF11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*", "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*", "matchCriteriaId": "A9BD9DD2-B468-4732-ABB1-742D83709B54", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory." }, { "lang": "es", "value": "La funci\u00f3n png_handle_sCAL de pngrutil.c en libpng v1.0.x antes de la v1.0.55, en v1.2.x antes de la v1.2.45, en v1.4.x antes de la v1.4.8, y en v1.5.x antes de la v1.5.4, no controla correctamente fragmentos inv\u00e1lidos SCAL, que permiten a atacantes remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) o posiblemente tener un impacto no especificado a trav\u00e9s de una imagen PNG creada que provoca la lectura de la memoria sin inicializar." 
} ], "id": "CVE-2011-2692", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2011-07-17T20:55:01.623", "references": [ { "source": "secalert@redhat.com", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45046" }, { 
"source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45405" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45415" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45445" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45460" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45461" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45492" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/49660" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org\u0026forum_name=png-mng-implement" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT5002" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT5281" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2287" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/819894" }, { "source": "secalert@redhat.com", "tags": [ "Product", "Vendor Advisory" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", 
"Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/13/2" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1103.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1104.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1105.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/48618" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1175-1" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720612" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45445" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45461" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45492" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/49660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org\u0026forum_name=png-mng-implement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT5002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT5281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/819894" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Vendor Advisory" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/13/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1103.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1104.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1105.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/48618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1175-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720612" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68536" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2009-5063: Vulnerability from fkie_nvd
Published
2011-08-31 23:55
Modified
2025-04-11 00:51
Summary
Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18 | ||
cve@mitre.org | http://secunia.com/advisories/49660 | Broken Link | |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-201206-15.xml | Third Party Advisory | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2011/03/22/7 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2011/03/28/6 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49660 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201206-15.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/03/22/7 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/03/28/6 | Mailing List, Patch, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AD38421-81CC-4ACE-8A1B-28FD3FA01E5F", "versionEndIncluding": "1.2.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.39:-:*:*:*:*:*:*", "matchCriteriaId": "7A704CF6-B833-49ED-A00D-E5C45BC6D3C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.39:beta1:*:*:*:*:*:*", "matchCriteriaId": "348689A3-3699-4045-A663-E7C78F4E6621", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.39:beta2:*:*:*:*:*:*", "matchCriteriaId": "58D248F0-1403-41E1-83C9-F92B83BAAD31", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.39:beta3:*:*:*:*:*:*", "matchCriteriaId": "F36743A2-E182-4C3F-B06B-55704AD216A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.39:beta4:*:*:*:*:*:*", "matchCriteriaId": "63C628B1-030D-4D3B-9F61-DC70B43A9A34", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244." }, { "lang": "es", "value": "Una p\u00e9rdida de memoria en la funci\u00f3n embedded_profile_len en el archivo pngwutil.c en libpng anterior a versi\u00f3n 1.2.39beta5, permite a los atacantes dependiendo del contexto causar una denegaci\u00f3n de servicio (p\u00e9rdida de memoria o fallo de segmentaci\u00f3n) por medio de una imagen JPEG que contiene un fragmento iCCP con una longitud de perfil insertada negativa. NOTA: esto se debe a una correcci\u00f3n incompleta para CVE-2006-7244." 
} ], "id": "CVE-2009-5063", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-08-31T23:55:01.020", "references": [ { "source": "cve@mitre.org", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/49660" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/22/7" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/28/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/49660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party 
Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/22/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/28/6" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-401" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2013-6954: Vulnerability from fkie_nvd
Published
2014-01-12 18:34
Modified
2025-06-10 14:15
Summary
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
References
Source | URL | Tags | |
---|---|---|---|
cret@cert.org | http://advisories.mageia.org/MGASA-2014-0075.html | ||
cret@cert.org | http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html | ||
cret@cert.org | http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html | ||
cret@cert.org | http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html | ||
cret@cert.org | http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html | ||
cret@cert.org | http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html | ||
cret@cert.org | http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html | ||
cret@cert.org | http://marc.info/?l=bugtraq&m=140852886808946&w=2 | ||
cret@cert.org | http://marc.info/?l=bugtraq&m=140852886808946&w=2 | ||
cret@cert.org | http://marc.info/?l=bugtraq&m=140852886808946&w=2 | ||
cret@cert.org | http://marc.info/?l=bugtraq&m=140852886808946&w=2 | ||
cret@cert.org | http://marc.info/?l=bugtraq&m=140852974709252&w=2 | ||
cret@cert.org | http://marc.info/?l=bugtraq&m=140852974709252&w=2 | ||
cret@cert.org | http://marc.info/?l=bugtraq&m=140852974709252&w=2 | ||
cret@cert.org | http://marc.info/?l=bugtraq&m=140852974709252&w=2 | ||
cret@cert.org | http://secunia.com/advisories/58974 | ||
cret@cert.org | http://secunia.com/advisories/59058 | ||
cret@cert.org | http://security.gentoo.org/glsa/glsa-201406-32.xml | ||
cret@cert.org | http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c | Exploit, Patch | |
cret@cert.org | http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/ | Patch | |
cret@cert.org | http://www-01.ibm.com/support/docview.wss?uid=swg21672080 | ||
cret@cert.org | http://www-01.ibm.com/support/docview.wss?uid=swg21676746 | ||
cret@cert.org | http://www.kb.cert.org/vuls/id/650142 | US Government Resource | |
cret@cert.org | http://www.libpng.org/pub/png/libpng.html | ||
cret@cert.org | http://www.mandriva.com/security/advisories?name=MDVSA-2014:035 | ||
cret@cert.org | http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | ||
cret@cert.org | http://www.securityfocus.com/bid/64493 | ||
cret@cert.org | https://access.redhat.com/errata/RHSA-2014:0413 | ||
cret@cert.org | https://access.redhat.com/errata/RHSA-2014:0414 | ||
cret@cert.org | https://bugzilla.redhat.com/show_bug.cgi?id=1045561 | ||
cret@cert.org | https://www.ibm.com/support/docview.wss?uid=swg21675973 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2014-0075.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=140852886808946&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=140852886808946&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=140852886808946&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=140852886808946&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=140852974709252&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=140852974709252&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=140852974709252&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=140852974709252&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58974 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59058 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201406-32.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/ | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21672080 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21676746 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/650142 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.libpng.org/pub/png/libpng.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2014:035 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/64493 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2014:0413 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2014:0414 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1045561 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg21675973 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | * | |
libpng | libpng | 1.6.0 | |
libpng | libpng | 1.6.0 | |
libpng | libpng | 1.6.1 | |
libpng | libpng | 1.6.1 | |
libpng | libpng | 1.6.2 | |
libpng | libpng | 1.6.2 | |
libpng | libpng | 1.6.3 | |
libpng | libpng | 1.6.3 | |
libpng | libpng | 1.6.4 | |
libpng | libpng | 1.6.4 | |
libpng | libpng | 1.6.5 | |
libpng | libpng | 1.6.6 | |
libpng | libpng | 1.6.7 | |
libpng | libpng | 1.6.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:beta:*:*:*:*:*:*", "matchCriteriaId": "C79F2464-B57E-4A57-9763-6159B24E93D7", "versionEndIncluding": "1.6.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7A0D174-F35C-488B-8577-00EFB7741089", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.0:beta:*:*:*:*:*:*", "matchCriteriaId": "051989A3-3F72-4223-98DF-54B0488656F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EDC5DA5-F2A7-4819-BB9D-258EB9AB7857", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.1:beta:*:*:*:*:*:*", "matchCriteriaId": "02FCC235-9564-4B92-B1AB-294EAB110E95", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "27B34D78-C0BC-45DC-AD84-F5F13451ED7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.2:beta:*:*:*:*:*:*", "matchCriteriaId": "40C344C8-812C-4EDE-9AD6-31EF7F0E24C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3D3A7EC-774C-423F-BDE1-CDCB9433D87B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.3:beta:*:*:*:*:*:*", "matchCriteriaId": "B9353E66-56D2-4CD1-BC30-5B2FF0F4E722", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B898B95-CF41-4813-8FE7-776BD59A6A9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.4:beta:*:*:*:*:*:*", "matchCriteriaId": "5D9BF9ED-965A-4BF5-A3EC-FAFCE880F14A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9F5E5899-5A3F-49A1-B18C-4C97566B87BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "C7897EEC-DE43-485A-B2CD-E8623A6D2C8A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "ACC16FE2-E94E-45B9-94F0-B6434B21DD2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.7:beta:*:*:*:*:*:*", "matchCriteriaId": "278434CA-DD56-47FC-9C15-4B9D4159786C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c." }, { "lang": "es", "value": "La funci\u00f3n png_do_expand_palette en libpng anteriores a 1.6.8 permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero NULO y crash de la aplicaci\u00f3n) a trav\u00e9s de (1) un chunk PLTE de cero bytes o (2) una paleta NULL, relacionada con pngrtran.c y pngset.c" } ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\n\n\"CWE-476: NULL Pointer Dereference\"", "id": "CVE-2013-6954", "lastModified": "2025-06-10T14:15:22.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", 
"userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2014-01-12T18:34:55.893", "references": [ { "source": "cret@cert.org", "url": "http://advisories.mageia.org/MGASA-2014-0075.html" }, { "source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html" }, { "source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html" }, { "source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html" }, { "source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html" }, { "source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html" }, { "source": "cret@cert.org", "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "source": "cret@cert.org", "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "source": "cret@cert.org", "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "source": "cret@cert.org", "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "source": "cret@cert.org", "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "source": "cret@cert.org", "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "source": "cret@cert.org", "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "source": "cret@cert.org", "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/58974" 
}, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/59058" }, { "source": "cret@cert.org", "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "source": "cret@cert.org", "tags": [ "Exploit", "Patch" ], "url": "http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c" }, { "source": "cret@cert.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/" }, { "source": "cret@cert.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" }, { "source": "cret@cert.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/650142" }, { "source": "cret@cert.org", "url": "http://www.libpng.org/pub/png/libpng.html" }, { "source": "cret@cert.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:035" }, { "source": "cret@cert.org", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/64493" }, { "source": "cret@cert.org", "url": "https://access.redhat.com/errata/RHSA-2014:0413" }, { "source": "cret@cert.org", "url": "https://access.redhat.com/errata/RHSA-2014:0414" }, { "source": "cret@cert.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045561" }, { "source": "cret@cert.org", "url": "https://www.ibm.com/support/docview.wss?uid=swg21675973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0075.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58974" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/650142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.libpng.org/pub/png/libpng.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:035" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/64493" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2014:0413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2014:0414" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045561" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.ibm.com/support/docview.wss?uid=swg21675973" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-09 13:29
Modified
2024-11-21 03:47
Summary
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/105599 | Broken Link, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1041889 | Broken Link, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3000 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3001 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3002 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3003 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3007 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3008 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3533 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3534 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3671 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3672 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3779 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3852 | Third Party Advisory | |
cve@mitre.org | https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2 | Patch, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201908-10 | Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20181018-0001/ | Third Party Advisory | |
cve@mitre.org | https://sourceforge.net/p/libpng/bugs/278/ | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3712-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105599 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041889 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3000 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3001 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3002 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3003 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3007 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3008 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3533 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3534 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3671 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3672 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3779 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3852 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-10 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20181018-0001/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/libpng/bugs/278/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3712-1/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | 1.6.34 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
canonical | ubuntu_linux | 18.04 | |
oracle | jdk | 1.6.0 (update201) | |
oracle | jdk | 1.7.0 (update191) | |
oracle | jdk | 1.8.0 (update181) | |
oracle | jdk | 11.0.0 | |
oracle | jre | 1.6.0 (update201) | |
oracle | jre | 1.7.0 (update191) | |
oracle | jre | 1.8.0 (update181) | |
oracle | jre | 11.0.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
redhat | enterprise_linux_workstation | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*", "matchCriteriaId": "8CD36A99-1431-4B6C-9C92-3D94B56B4BED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*", "matchCriteriaId": "9C07DBB8-760D-4A9E-B7C7-A382D650658B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*", "matchCriteriaId": "ED6BF214-B45C-405E-83AC-C8A084A6E4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*", "matchCriteriaId": "7D8C0DB7-6178-4D70-B460-97A49F012560", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CE66FC86-ADF3-4295-9C10-2A0AF16A538C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*", "matchCriteriaId": "BBE0F763-B860-4B30-A5E9-2FCE78F5932D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*", "matchCriteriaId": "C192F54C-108C-4E40-BC29-CF911C3B9EB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*", "matchCriteriaId": "4ADC2C70-B7C4-49AC-B4CC-C5FC60903F3B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "32548053-521C-4D17-8791-680074D5C55E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service." }, { "lang": "es", "value": "En libpng 1.6.34, un c\u00e1lculo err\u00f3neo de row_factor en la funci\u00f3n png_check_chunk_length (pngrutil.c) podr\u00eda desencadenar un desbordamiento de enteros y una divisi\u00f3n entre cero resultante al procesar un archivo PNG manipulado, lo que conducir\u00eda a una denegaci\u00f3n de servicio (DoS)." 
} ], "id": "CVE-2018-13785", "lastModified": "2024-11-21T03:47:58.677", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-09T13:29:00.443", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105599" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041889" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3000" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3001" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://access.redhat.com/errata/RHSA-2018:3002" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3003" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3007" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3008" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3533" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3534" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3671" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3672" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3779" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3852" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201908-10" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20181018-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://sourceforge.net/p/libpng/bugs/278/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3712-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3000" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3003" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3007" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3533" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3671" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3672" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://access.redhat.com/errata/RHSA-2018:3779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201908-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20181018-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://sourceforge.net/p/libpng/bugs/278/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3712-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" }, { "lang": "en", "value": "CWE-369" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-07-17 20:55
Modified
2025-04-11 00:51
Summary
The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=9dad5e37aef295b4ef8dea39392b652deebc9261 | ||
secalert@redhat.com | http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://marc.info/?l=bugtraq&m=133951357207000&w=2 | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://marc.info/?l=bugtraq&m=133951357207000&w=2 | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://secunia.com/advisories/45046 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45405 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45492 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/49660 | Broken Link | |
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201206-15.xml | Third Party Advisory | |
secalert@redhat.com | http://support.apple.com/kb/HT5002 | Third Party Advisory | |
secalert@redhat.com | http://www.debian.org/security/2011/dsa-2287 | Third Party Advisory | |
secalert@redhat.com | http://www.libpng.org/pub/png/libpng.html | Product, Vendor Advisory | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:151 | Broken Link | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/07/13/2 | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/48660 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=720608 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/68537 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=9dad5e37aef295b4ef8dea39392b652deebc9261 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=133951357207000&w=2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=133951357207000&w=2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45046 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45405 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45492 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49660 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201206-15.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5002 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2287 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.libpng.org/pub/png/libpng.html | Product, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:151 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/07/13/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/48660 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=720608 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/68537 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | >= 1.0.0, < 1.0.55 | |
libpng | libpng | >= 1.2.0, < 1.2.45 | |
libpng | libpng | >= 1.4.0, < 1.4.8 | |
libpng | libpng | >= 1.5.0, < 1.5.4 | |
fedoraproject | fedora | 14 | |
debian | debian_linux | 5.0 | |
debian | debian_linux | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "457596BD-6D1A-4BF6-AB6B-00C015282A5C", "versionEndExcluding": "1.0.55", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E0A4818-9441-4057-BF47-EDC25FC9A3D2", "versionEndExcluding": "1.2.45", "versionStartIncluding": "1.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "66F5725F-4C45-48C1-B31C-7A25E735AE49", "versionEndExcluding": "1.4.8", "versionStartIncluding": "1.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "25E29B1D-F756-40BE-8419-4224391D8D61", "versionEndExcluding": "1.5.4", "versionStartIncluding": "1.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "matchCriteriaId": "BDE52846-24EC-4068-B788-EC7F915FFF11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image." 
}, { "lang": "es", "value": "La funci\u00f3n png_err en pngerror.c en libpng v1.0.x antes de v1.0.55, en v1.2.x antes de v1.2.45, en v1.4.x antes de v1.4.8, y en v1.5.x antes de v1.5.4, hace una llamada a la funci\u00f3n con un argumento de puntero NULL en lugar de un argumento de cadena vac\u00eda, lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una imagen PNG creada." } ], "id": "CVE-2011-2691", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2011-07-17T20:55:01.577", "references": [ { "source": "secalert@redhat.com", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=9dad5e37aef295b4ef8dea39392b652deebc9261" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "source": 
"secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45046" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45405" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45492" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/49660" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT5002" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2287" }, { "source": "secalert@redhat.com", "tags": [ "Product", "Vendor Advisory" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/13/2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/48660" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=720608" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68537" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=9dad5e37aef295b4ef8dea39392b652deebc9261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45492" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/49660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT5002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third 
Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Vendor Advisory" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/13/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/48660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68537" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-08 21:17
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:N/A:P; source nvd@nist.gov, Primary)
Summary
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html | Third Party Advisory | |
cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=195261 | Third Party Advisory | |
cve@mitre.org | http://docs.info.apple.com/article.html?artnum=307562 | Third Party Advisory | |
cve@mitre.org | http://lists.apple.com/archives/security-announce/2008//May/msg00001.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/27284 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/27529 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/27629 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/27746 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/29420 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/30161 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/30430 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/35302 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/35386 | Third Party Advisory | |
cve@mitre.org | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323 | Third Party Advisory | |
cve@mitre.org | http://sourceforge.net/mailarchive/forum.php?thread_name=5122753600C3E94F87FBDFFCC090D1FF0400EA68%40MERCMBX07.na.sas.com&forum_name=png-mng-implement | Third Party Advisory | |
cve@mitre.org | http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com | Third Party Advisory | |
cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 | Broken Link | |
cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 | Broken Link | |
cve@mitre.org | http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm | Third Party Advisory | |
cve@mitre.org | http://www.coresecurity.com/?action=item&id=2148 | Third Party Advisory | |
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml | Third Party Advisory | |
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:217 | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/483582/100/0/threaded | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securityfocus.com/archive/1/489135/100/0/threaded | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securityfocus.com/bid/25957 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA08-150A.html | Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0924/references | Third Party Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2008/1697 | Third Party Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2009/1462 | Third Party Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2009/1560 | Third Party Advisory | |
cve@mitre.org | https://issues.rpath.com/browse/RPL-1814 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=195261 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=307562 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2008//May/msg00001.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27284 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27529 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27629 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27746 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29420 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30161 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30430 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35302 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35386 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/forum.php?thread_name=5122753600C3E94F87FBDFFCC090D1FF0400EA68%40MERCMBX07.na.sas.com&forum_name=png-mng-implement | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.coresecurity.com/?action=item&id=2148 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:217 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483582/100/0/threaded | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489135/100/0/threaded | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25957 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA08-150A.html | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0924/references | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1697 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1462 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1560 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1814 | Broken Link |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A6442D5-8045-49D3-9F30-C4FF1D991BE3", "versionEndIncluding": "1.0.28", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF36838B-2645-4803-987A-5DB49486A52D", "versionEndIncluding": "1.2.20", "versionStartIncluding": "1.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated." }, { "lang": "es", "value": "Error de superaci\u00f3n de l\u00edmite (off-by-one) en el manejo de perfiles ICC en la funci\u00f3n png_set_iCCP de pngset.c en libpng anterior a 1.0.29 beta1 y 1.2.x anterior a 1.2.21 beta1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante una imagen PNG manipulada artesanalmente que provoca que el campo de nombre no termine con NULL." 
} ], "id": "CVE-2007-5266", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-08T21:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195261" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27284" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27529" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27629" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27746" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://secunia.com/advisories/29420" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/30161" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/30430" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35302" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35386" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=5122753600C3E94F87FBDFFCC090D1FF0400EA68%40MERCMBX07.na.sas.com\u0026forum_name=png-mng-implement" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDKSA-2007:217" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/25957" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://issues.rpath.com/browse/RPL-1814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27746" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/30161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/30430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=5122753600C3E94F87FBDFFCC090D1FF0400EA68%40MERCMBX07.na.sas.com\u0026forum_name=png-mng-implement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/25957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" 
], "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://issues.rpath.com/browse/RPL-1814" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of libpng and libpng10 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2007-10-16T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-01-10 19:59
Modified
2025-06-09 16:15
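Severity: HIGH (CVSS v3.1 base score 8.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, Secondary source; CVSS v2.0 base score 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C, source nvd@nist.gov, Primary)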
Summary
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html | ||
cve@mitre.org | http://secunia.com/advisories/62725 | ||
cve@mitre.org | http://sourceforge.net/p/png-mng/mailman/message/33172831/ | ||
cve@mitre.org | http://sourceforge.net/p/png-mng/mailman/message/33173461/ | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/01/04/3 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/01/10/1 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/01/10/3 | ||
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/71820 | ||
cve@mitre.org | http://www.securitytracker.com/id/1031444 | ||
cve@mitre.org | https://support.apple.com/HT206167 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/62725 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/p/png-mng/mailman/message/33172831/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/p/png-mng/mailman/message/33173461/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/01/04/3 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/01/10/1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/01/10/3 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/71820 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031444 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206167 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apple | mac_os_x | * | |
libpng | libpng | * | |
libpng | libpng | 1.6.0 | |
libpng | libpng | 1.6.0 | |
libpng | libpng | 1.6.1 | |
libpng | libpng | 1.6.1 | |
libpng | libpng | 1.6.2 | |
libpng | libpng | 1.6.2 | |
libpng | libpng | 1.6.3 | |
libpng | libpng | 1.6.3 | |
libpng | libpng | 1.6.4 | |
libpng | libpng | 1.6.4 | |
libpng | libpng | 1.6.5 | |
libpng | libpng | 1.6.6 | |
libpng | libpng | 1.6.7 | |
libpng | libpng | 1.6.7 | |
libpng | libpng | 1.6.8 | |
libpng | libpng | 1.6.8 | |
libpng | libpng | 1.6.9 | |
libpng | libpng | 1.6.9 | |
libpng | libpng | 1.6.10 | |
libpng | libpng | 1.6.10 | |
libpng | libpng | 1.6.11 | |
libpng | libpng | 1.6.11 | |
libpng | libpng | 1.6.12 | |
libpng | libpng | 1.6.13 | |
libpng | libpng | 1.6.13 | |
libpng | libpng | 1.6.14 | |
libpng | libpng | 1.6.14 | |
libpng | libpng | 1.6.15 | |
libpng | libpng | 1.6.15 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82", "versionEndIncluding": "10.11.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:beta:*:*:*:*:*:*", "matchCriteriaId": "4D0BD544-FE2A-4AC6-8402-15A677EFC24C", "versionEndIncluding": "1.5.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7A0D174-F35C-488B-8577-00EFB7741089", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.0:beta:*:*:*:*:*:*", "matchCriteriaId": "051989A3-3F72-4223-98DF-54B0488656F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EDC5DA5-F2A7-4819-BB9D-258EB9AB7857", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.1:beta:*:*:*:*:*:*", "matchCriteriaId": "02FCC235-9564-4B92-B1AB-294EAB110E95", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "27B34D78-C0BC-45DC-AD84-F5F13451ED7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.2:beta:*:*:*:*:*:*", "matchCriteriaId": "40C344C8-812C-4EDE-9AD6-31EF7F0E24C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3D3A7EC-774C-423F-BDE1-CDCB9433D87B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.3:beta:*:*:*:*:*:*", "matchCriteriaId": "B9353E66-56D2-4CD1-BC30-5B2FF0F4E722", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B898B95-CF41-4813-8FE7-776BD59A6A9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.4:beta:*:*:*:*:*:*", "matchCriteriaId": "5D9BF9ED-965A-4BF5-A3EC-FAFCE880F14A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"9F5E5899-5A3F-49A1-B18C-4C97566B87BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "C7897EEC-DE43-485A-B2CD-E8623A6D2C8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "ACC16FE2-E94E-45B9-94F0-B6434B21DD2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.7:beta:*:*:*:*:*:*", "matchCriteriaId": "278434CA-DD56-47FC-9C15-4B9D4159786C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "8C8DAE31-CCA9-450D-90E5-B8F0490FB944", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.8:beta:*:*:*:*:*:*", "matchCriteriaId": "0C5712AB-1A98-45DB-8384-5CD70D03684C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "52FEB5C9-0C13-4FD6-876C-AAE7ED4E986C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.9:beta:*:*:*:*:*:*", "matchCriteriaId": "B2903D2B-A99A-4120-88DC-A1DF59085F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "2337F9F3-D26D-4A24-880A-800CD5C16795", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.10:beta:*:*:*:*:*:*", "matchCriteriaId": "D97CC2D1-657A-48D7-8035-89986341B56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "31F71BA3-5402-448E-9068-EB0DCA1D62EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.11:beta:*:*:*:*:*:*", "matchCriteriaId": "3539DE6A-05BE-47EB-A89F-D3E4D98FC014", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.12:beta:*:*:*:*:*:*", "matchCriteriaId": "4A004603-261B-49DB-B15B-A8EE0F3AB4BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "AD67323A-8463-4B8F-B370-40C2ACFF4D8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.13:beta:*:*:*:*:*:*", 
"matchCriteriaId": "6944746B-2032-4088-A7EB-EE004F12274E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "2BBA4F43-0FD0-4D7D-84A0-37C8E79B9B29", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.14:beta:*:*:*:*:*:*", "matchCriteriaId": "7AC27CC2-D64C-4AED-A0DF-F6F2920D7AB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "71E01CC8-1C29-4C46-8213-B48A2364CE8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.15:beta:*:*:*:*:*:*", "matchCriteriaId": "2A8396AB-D983-4F04-A9F5-FA120A0E0AF6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image." }, { "lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n png_combine_row en libpng en versiones anteriores a 1.5.21 y 1.6.x en versiones anteriores a 1.6.16, cuando se ejecuta en sistemas de 64 bits, podr\u00eda permitir a atacantes dependientes del contexto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen PNG \"entrelazada muy ampliamente\"." 
} ], "id": "CVE-2014-9495", "lastModified": "2025-06-09T16:15:24.410", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2015-01-10T19:59:00.047", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/62725" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/01/04/3" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/01/10/1" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/01/10/3" }, { "source": "cve@mitre.org", "url": 
"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/71820" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1031444" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62725" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/01/04/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/01/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/01/10/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206167" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-122" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2015-11-24 20:59
Modified
2025-04-12 10:46
Summary
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html | ||
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html | ||
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html | ||
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2015-2594.html | ||
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2015-2595.html | ||
cve@mitre.org | http://sourceforge.net/p/libpng/bugs/241/ | ||
cve@mitre.org | http://sourceforge.net/projects/libpng/files/libpng10/1.0.64/ | ||
cve@mitre.org | http://sourceforge.net/projects/libpng/files/libpng12/1.2.54/ | Patch | |
cve@mitre.org | http://sourceforge.net/projects/libpng/files/libpng14/1.4.17/ | Exploit | |
cve@mitre.org | http://www.debian.org/security/2015/dsa-3399 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/10/26/1 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/10/26/3 | ||
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | ||
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/77304 | ||
cve@mitre.org | http://www.securitytracker.com/id/1034393 | ||
cve@mitre.org | http://www.ubuntu.com/usn/USN-2815-1 | ||
cve@mitre.org | https://access.redhat.com/errata/RHSA-2016:1430 | ||
cve@mitre.org | https://security.gentoo.org/glsa/201611-08 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2015-2594.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2015-2595.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/p/libpng/bugs/241/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/projects/libpng/files/libpng10/1.0.64/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/projects/libpng/files/libpng12/1.2.54/ | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/projects/libpng/files/libpng14/1.4.17/ | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3399 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/10/26/1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/10/26/3 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/77304 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034393 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2815-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:1430 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201611-08 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_hpc_node | 7.0 | |
redhat | enterprise_linux_hpc_node_eus | 7.2 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server_aus | 7.2 | |
redhat | enterprise_linux_server_eus | 7.2 | |
redhat | enterprise_linux_workstation | 7.0 | |
libpng | libpng | 1.0.0 | |
libpng | libpng | 1.0.1 | |
libpng | libpng | 1.0.2 | |
libpng | libpng | 1.0.3 | |
libpng | libpng | 1.0.5 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.10 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.12 | |
libpng | libpng | 1.0.13 | |
libpng | libpng | 1.0.14 | |
libpng | libpng | 1.0.15 | |
libpng | libpng | 1.0.16 | |
libpng | libpng | 1.0.17 | |
libpng | libpng | 1.0.18 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.20 | |
libpng | libpng | 1.0.21 | |
libpng | libpng | 1.0.22 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.24 | |
libpng | libpng | 1.0.25 | |
libpng | libpng | 1.0.26 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.28 | |
libpng | libpng | 1.0.29 | |
libpng | libpng | 1.0.30 | |
libpng | libpng | 1.0.31 | |
libpng | libpng | 1.0.32 | |
libpng | libpng | 1.0.33 | |
libpng | libpng | 1.0.34 | |
libpng | libpng | 1.0.35 | |
libpng | libpng | 1.0.37 | |
libpng | libpng | 1.0.38 | |
libpng | libpng | 1.0.39 | |
libpng | libpng | 1.0.40 | |
libpng | libpng | 1.0.41 | |
libpng | libpng | 1.0.42 | |
libpng | libpng | 1.0.43 | |
libpng | libpng | 1.0.44 | |
libpng | libpng | 1.0.45 | |
libpng | libpng | 1.0.46 | |
libpng | libpng | 1.0.47 | |
libpng | libpng | 1.0.48 | |
libpng | libpng | 1.0.50 | |
libpng | libpng | 1.0.51 | |
libpng | libpng | 1.0.52 | |
libpng | libpng | 1.0.53 | |
libpng | libpng | 1.0.54 | |
libpng | libpng | 1.0.55 | |
libpng | libpng | 1.0.55 | |
libpng | libpng | 1.0.56 | |
libpng | libpng | 1.0.56 | |
libpng | libpng | 1.0.57 | |
libpng | libpng | 1.0.57 | |
libpng | libpng | 1.0.58 | |
libpng | libpng | 1.0.59 | |
libpng | libpng | 1.0.60 | |
libpng | libpng | 1.0.61 | |
libpng | libpng | 1.0.62 | |
libpng | libpng | 1.0.63 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.4 | |
libpng | libpng | 1.2.5 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.7 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.12 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.16 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.18 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.27 | |
libpng | libpng | 1.2.28 | |
libpng | libpng | 1.2.29 | |
libpng | libpng | 1.2.30 | |
libpng | libpng | 1.2.31 | |
libpng | libpng | 1.2.32 | |
libpng | libpng | 1.2.33 | |
libpng | libpng | 1.2.34 | |
libpng | libpng | 1.2.35 | |
libpng | libpng | 1.2.36 | |
libpng | libpng | 1.2.37 | |
libpng | libpng | 1.2.38 | |
libpng | libpng | 1.2.39 | |
libpng | libpng | 1.2.40 | |
libpng | libpng | 1.2.41 | |
libpng | libpng | 1.2.42 | |
libpng | libpng | 1.2.43 | |
libpng | libpng | 1.2.43 | |
libpng | libpng | 1.2.44 | |
libpng | libpng | 1.2.45 | |
libpng | libpng | 1.2.45 | |
libpng | libpng | 1.2.46 | |
libpng | libpng | 1.2.46 | |
libpng | libpng | 1.2.47 | |
libpng | libpng | 1.2.47 | |
libpng | libpng | 1.2.48 | |
libpng | libpng | 1.2.48 | |
libpng | libpng | 1.2.49 | |
libpng | libpng | 1.2.50 | |
libpng | libpng | 1.2.51 | |
libpng | libpng | 1.2.52 | |
libpng | libpng | 1.2.53 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.1 | |
libpng | libpng | 1.4.2 | |
libpng | libpng | 1.4.3 | |
libpng | libpng | 1.4.4 | |
libpng | libpng | 1.4.5 | |
libpng | libpng | 1.4.6 | |
libpng | libpng | 1.4.7 | |
libpng | libpng | 1.4.8 | |
libpng | libpng | 1.4.9 | |
libpng | libpng | 1.4.10 | |
libpng | libpng | 1.4.11 | |
libpng | libpng | 1.4.12 | |
libpng | libpng | 1.4.13 | |
libpng | libpng | 1.4.14 | |
libpng | libpng | 1.4.15 | |
libpng | libpng | 1.4.16 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_hpc_node | 6.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server_eus | 6.7.z | |
redhat | enterprise_linux_workstation | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "39A901D6-0874-46A4-92A8-5F72C7A89E85", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D6B3DAF-DF99-48B2-8E7C-BE8E043D4C24", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "29050958-EFD8-4A79-9022-EF72AAD4EDB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3CB33B1-71B2-4235-A2C1-FCAEA9844A6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "436F8C71-1780-4DC6-937B-8F1F51C7453D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0BF2C6F3-BFE7-4234-9975-DE7FCDA26A46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5B79DC5F-5062-4031-BA11-746EE3C8E1CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CAD6DE25-8B2F-4DB9-9969-8AAC23BC0AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "35F2B503-1516-465D-A558-9932BDB3457D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "BA94EAAA-A4D2-4E36-BC69-BBE9644FE970", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "F3A7C96C-8FBB-42B4-937E-3321C939CC87", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "94084356-D39B-41B2-AC24-0ADAD0BF5988", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "086C6335-7872-46A7-AEB1-9BE5AE5A788C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*", 
"matchCriteriaId": "FF8233B1-04A0-4E25-97EE-CF466B48A12E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "FA714E7E-05EF-4598-9324-887BC66C675E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "C5CF3B73-D3B9-4D76-B411-C837BCE0806E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "D1752D91-3468-4E22-B60F-6789B3CBD7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "F433AA7E-A780-4D45-AD1A-5A4CE1F3FCD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "93E210A7-489B-4EA7-A840-599523157DD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "B37565FA-72F5-4063-8D7A-97BC269F020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "BC8FA821-818E-4BC7-834B-94EB5C042390", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "F3FBF3D3-95A6-4869-8A69-F0E5ECA40220", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "D07785D0-E995-4208-AB8C-43B320D291F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "152DDD6E-CF56-4E1C-BE4D-C7BC0FD9B08C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "19BBA666-4473-4C6D-BF48-34EF3F09AD7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "B7DDF6CC-7997-47E7-96D3-8DC10F1D17F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "A1926DD0-0A9B-4F9D-BB4F-AC7AB0B3F0E4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "2763A6C7-DBBA-4E2A-917C-B6FF524B9891", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "E7DECDF8-7742-4D58-99FA-100A01748B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "CA4FD3B1-3A68-4122-AA50-31BFC6C50408", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "45790331-CE26-457F-8649-F027703E73EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "0B0BFE2D-5C7B-42E0-B783-8C5907CA8635", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "7CD993C1-70B6-4ACB-B958-94E7EF973A8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "C085686C-A0AA-4F56-9E7D-B5CB24B890D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "D02A5197-06B9-469E-9817-45BB23324042", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "5EB6BE37-E564-4E42-BE39-36DD301C37A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "314209F2-E0A0-4045-8108-8E7215312442", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "11A8ECBB-7E50-4447-88E2-893C1466C251", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "8B8F24A5-F5C3-495F-9AF0-2EE836E0147A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "46DE2DE3-F081-4B80-A4DA-C5AB27B3CA8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "71EF1D77-7838-47DF-B6A2-DBBAC0058FED", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:libpng:libpng:1.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "76BA4FEA-FEB4-47A9-9DFF-A233CEE03D04", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.43:*:*:*:*:*:*:*", "matchCriteriaId": "60DB5A63-E89E-48AB-A846-107EBEC71D67", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.44:*:*:*:*:*:*:*", "matchCriteriaId": "2181FEEB-D07E-490C-9953-3490D87B63A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.45:*:*:*:*:*:*:*", "matchCriteriaId": "36DC41DD-A291-4ECE-84B9-574828AA2A80", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.46:*:*:*:*:*:*:*", "matchCriteriaId": "015D1E36-17A1-4413-B1FB-5DF4C36712BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.47:*:*:*:*:*:*:*", "matchCriteriaId": "F64CE8F2-22B1-43F8-8934-CBCD2EFBA85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.48:*:*:*:*:*:*:*", "matchCriteriaId": "CEB15BE8-1B88-4117-AF14-3AA2B54DB323", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "A2CB2728-4CC7-46EA-809B-450A9BB9F884", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "96638963-D264-49AD-9B77-497C3DA23DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.52:*:*:*:*:*:*:*", "matchCriteriaId": "88544BBE-29A1-4622-B3E6-FA4B891A9B5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.53:*:*:*:*:*:*:*", "matchCriteriaId": "DD658D98-9A4D-4DC2-A935-BB3BF0E0FB2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.54:*:*:*:*:*:*:*", "matchCriteriaId": "FFF819AF-AC11-4BD9-A070-572836A65FB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.55:*:*:*:*:*:*:*", "matchCriteriaId": "2EEAC62D-BF2B-40DF-9428-FFBF7CA09471", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.55:rc01:*:*:*:*:*:*", "matchCriteriaId": "27DFAB04-5C5C-4366-B3FC-C83AAB807F0B", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.56:*:*:*:*:*:*:*", "matchCriteriaId": "36327723-F953-4BD3-A525-930DDCF7931D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.56:devel:*:*:*:*:*:*", "matchCriteriaId": "36F717B1-CC02-4878-9A78-1584074E81C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.57:*:*:*:*:*:*:*", "matchCriteriaId": "7D482811-2EF1-47AE-A41C-7532AC6DEF31", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.57:rc01:*:*:*:*:*:*", "matchCriteriaId": "FF26AB67-81F8-4CD2-8E28-BDF9FE2CD58F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.58:*:*:*:*:*:*:*", "matchCriteriaId": "2D0EE98D-0596-4147-9EC4-F3616BF2B901", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.59:*:*:*:*:*:*:*", "matchCriteriaId": "62F15027-0E80-48B7-9ECD-9E7228F0E81B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "99904D7E-0046-4481-99B6-01710D4FC848", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.61:*:*:*:*:*:*:*", "matchCriteriaId": "8AB33B4E-E69A-4002-816C-24CCD49682F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.62:*:*:*:*:*:*:*", "matchCriteriaId": "42A4FAF1-4B81-47C4-BFB7-6052524A2DA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "686A50C3-93E1-4C3F-8089-322BE26E6317", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C036011A-9AE1-423C-8B73-188B9BA20FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "663C6EE5-5B5E-4C0F-9E7F-D0E1DA9AF9EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "8051459E-94D3-4D4A-9D40-CC9475DDB00C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "42056C63-69A7-43CF-828C-0C3E365702D9", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "5B6A39A3-7F86-4DC3-B248-859630AFB9A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "58377AE3-1C13-4C3F-BC55-8336DAEEF97F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "005C2DA4-D00E-4206-851E-9226D66B5F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "97B17602-0D97-469B-A9B1-30AAC8F758F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "857B664A-C6F9-45E3-93EA-C0F53CEF5C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "6DFDA458-74E8-4DEF-B524-A4A8672CB66A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A3E3BF3-4376-4692-A515-A7B6593F28F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "AB6AF9D5-CE60-4FC9-91AB-E243F0D429E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "3B1AC712-110D-458F-B650-930C6D45CA53", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "7F848FA5-9682-454F-A9DE-671C4401F15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "C4B83678-98A1-440E-950C-4A27995C7294", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "FB9EEE31-479A-4370-BF00-C26C1AF502B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "95EABD7D-1F18-4FA5-BAA9-F8D69129E531", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "65B836CA-3740-48B0-966B-21E65EF3D636", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "3988FA1B-18D9-46AA-87BA-A6B01D4F4B25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "51A46409-7AC6-45DB-B92D-29988C445BC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "09E2B608-6C70-446F-A3A7-369048D99855", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "5AA00AE0-F447-4361-AA37-0C98BDE491E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "21DACE94-FBDC-4A3D-8DD6-E62D18F5EE7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*", "matchCriteriaId": "220A02AF-6ADA-4B75-BC81-40B2D847029A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "ECEB8F61-195E-41DE-90CE-22854055E9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*", "matchCriteriaId": "D0F72B91-1F7F-41EB-ABC8-1B50AFEC70EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "111091B9-CBAE-4FC7-8B97-7D2345BFCB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*", "matchCriteriaId": "54C6D9D3-50B2-4A63-B3D1-C76C70F4443E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*", "matchCriteriaId": "4110AA74-C69D-45BC-A630-9EE3A2036BD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*", "matchCriteriaId": "F2DEFD05-10EE-4242-B885-FD1B0DF6CAA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "1CAA1090-C1C7-43A2-BD44-065572D226B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*", "matchCriteriaId": "2FD92305-91BF-4984-A029-8FA83CBF1A12", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*", "matchCriteriaId": "F9F9A6DB-19BF-4798-879E-9BD4AD5EFF2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*", "matchCriteriaId": "31EE280F-D76D-478B-ADD6-D5F2C7574A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*", "matchCriteriaId": "747314F7-A515-41FF-8095-62A9F05F0DEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*", "matchCriteriaId": "C1BE9ED0-685B-41F0-A984-D33E7034AEA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.36:*:*:*:*:*:*:*", "matchCriteriaId": "E3F6AD99-7697-47E5-8301-723C16535C76", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*", "matchCriteriaId": "07B00AD3-D13C-45B5-A13A-9092D40F4A63", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*", "matchCriteriaId": "14222EA8-E8ED-4818-ACB4-C6A13643F210", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*", "matchCriteriaId": "A22C28DD-5C99-4722-9093-A1E82A2C2808", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.40:*:*:*:*:*:*:*", "matchCriteriaId": "93714B71-6331-4F5A-A12A-B4B80CA2FEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*", "matchCriteriaId": "10CD562E-1F06-4779-A29C-4069E3C86B16", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*", "matchCriteriaId": "4D83D507-64AF-4158-97B9-1353E2F8EE46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.43:*:*:*:*:*:*:*", "matchCriteriaId": "BC5E39EA-C32E-4E87-9A3F-CCB5144F0E68", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.43:devel:*:*:*:*:*:*", "matchCriteriaId": "61B9103F-CD72-4F06-BED1-7AE4AB9E672C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*", "matchCriteriaId": 
"0DF6249D-5AA8-4EA3-A92A-0E492FE5B811", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*", "matchCriteriaId": "CDE7F259-40A2-4866-8EF8-44A9913EC4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.45:devel:*:*:*:*:*:*", "matchCriteriaId": "CFA3EED5-F0AB-4C5C-92D7-B84BFDAA31AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*", "matchCriteriaId": "03C20A42-6A77-43D4-80D7-332BB2DF1B66", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.46:devel:*:*:*:*:*:*", "matchCriteriaId": "8A0A1B56-0E92-4E81-9B2C-4F9B9D5833EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*", "matchCriteriaId": "D4CC5DBB-249B-4EED-9F54-E23CB1919ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.47:beta:*:*:*:*:*:*", "matchCriteriaId": "C10D9119-0FF8-4DFE-8632-A14D9C83CC9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.48:*:*:*:*:*:*:*", "matchCriteriaId": "088A1BDB-BB1A-46B5-898B-23311DE27CE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.48:betas:*:*:*:*:*:*", "matchCriteriaId": "C24CA735-6EA6-41E3-A82D-D443BB47806B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.49:*:*:*:*:*:*:*", "matchCriteriaId": "6CBAA828-F42A-420F-B17E-6FACF6CD483D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "D20664A4-4816-4F57-82BB-F4116FA33A41", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*", "matchCriteriaId": "64226521-0723-4259-B214-0D2A35CF5FBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*", "matchCriteriaId": "6ABEEBFE-A8C8-40D4-97D8-F06676E67478", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.53:*:*:*:*:*:*:*", "matchCriteriaId": "47831D80-33AC-4A13-B92D-3D2CBF215955", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "52D5DAA1-3632-48D7-A657-4A4C83A119D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB5AE8E0-3C11-4EE1-A599-4D70C6A13F1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "6AD36C3B-3C02-488B-B480-EA091D702CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "59BAD272-D4B6-40CE-B5E9-63145E12B638", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "5EEB311C-766D-4070-A0BE-9CE4593C8F49", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C185BF59-68E4-49F8-802F-C06FE840FF3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "5C399B31-B8EC-41C4-B6AB-83BABC474374", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "3B00AF5F-D4F5-490C-8BF4-2B33EFBF15A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "BA9AEB1D-0AA7-4842-9CF9-91BFD8B58A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "09150152-5DEA-4FA2-9163-63EAF4D83DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "45E5068A-42BE-478B-8C00-FE23B7837DC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "023CCFB0-7995-408E-928A-76C5BD9B4924", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "493F615D-DB81-48B3-9E74-C32544A01372", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "D2F12925-44F7-4790-8A06-345EB3DCCB71", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.14:*:*:*:*:*:*:*", 
"matchCriteriaId": "7F5BF226-D62F-4F54-B771-EB108FD256FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "D2EDBFCB-96DA-4A36-873A-3164975BE997", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "ACDB15BE-BDD2-4210-B224-A520E8DC7D89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*", "matchCriteriaId": "AA856400-1B48-429A-94A0-173B7EEE1EC2", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read." 
}, { "lang": "es", "value": "La funci\u00f3n png_convert_to_rfc1123 en png.c en libpng 1.0.x en versiones anteriores a 1.0.64, 1.2.x en versiones anteriores a 1.2.54 y 1.4.x en versiones anteriores a 1.4.17 permite a atacantes remotos obtener informaci\u00f3n sensible de la memoria de proceso a trav\u00e9s de un fragmento de datos tIME manipulado en un archivo de imagen, lo que desencadena una lectura fuera de rango." } ], "id": "CVE-2015-7981", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-11-24T20:59:15.017", "references": [ { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/p/libpng/bugs/241/" }, { "source": 
"cve@mitre.org", "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.64/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.54/" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.17/" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3399" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/10/26/1" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/10/26/3" }, { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/77304" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1034393" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2815-1" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201611-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/p/libpng/bugs/241/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.64/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.54/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.17/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3399" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/10/26/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/10/26/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/77304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034393" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2815-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201611-08" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": 
[ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2025-04-03 01:03
Severity
5.0 (MEDIUM) - CVSS v2.0 vector AV:N/AC:L/Au:N/C:N/I:N/A:P (source: nvd@nist.gov, Primary)
Summary
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.apple.com/mhonarc/security-announce/msg00056.html | Broken Link | |
cve@mitre.org | http://marc.info/?l=bugtraq&m=108334922320309&w=2 | Mailing List | |
cve@mitre.org | http://marc.info/?l=bugtraq&m=108335030208523&w=2 | Mailing List | |
cve@mitre.org | http://marc.info/?l=fedora-announce-list&m=108451350029261&w=2 | Mailing List | |
cve@mitre.org | http://marc.info/?l=fedora-announce-list&m=108451353608968&w=2 | Mailing List | |
cve@mitre.org | http://secunia.com/advisories/22957 | Broken Link | |
cve@mitre.org | http://secunia.com/advisories/22958 | Broken Link | |
cve@mitre.org | http://www.debian.org/security/2004/dsa-498 | Broken Link | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2004:040 | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2006:212 | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2006:213 | Third Party Advisory | |
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-180.html | Broken Link, Patch, Vendor Advisory | |
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-181.html | Broken Link | |
cve@mitre.org | http://www.securityfocus.com/bid/10244 | Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16022 | Broken Link, VDB Entry | |
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710 | Broken Link | |
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/mhonarc/security-announce/msg00056.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=108334922320309&w=2 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=108335030208523&w=2 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=fedora-announce-list&m=108451350029261&w=2 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=fedora-announce-list&m=108451353608968&w=2 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22957 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22958 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2004/dsa-498 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2004:040 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:212 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:213 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-180.html | Broken Link, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-181.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10244 | Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16022 | Broken Link, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971 | Broken Link |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | 1.0.0 | |
libpng | libpng | 1.0.5 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.10 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.12 | |
libpng | libpng | 1.0.13 | |
libpng | libpng | 1.0.14 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.4 | |
libpng | libpng | 1.2.5 | |
openpkg | openpkg | 1.3 | |
openpkg | openpkg | 2.0 | |
redhat | libpng | 1.2.2-16 | |
redhat | libpng | 1.2.2-20 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux_desktop | 3.0 | |
trustix | secure_linux | 2.0 | |
trustix | secure_linux | 2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D6B3DAF-DF99-48B2-8E7C-BE8E043D4C24", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0BF2C6F3-BFE7-4234-9975-DE7FCDA26A46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5B79DC5F-5062-4031-BA11-746EE3C8E1CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CAD6DE25-8B2F-4DB9-9969-8AAC23BC0AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "35F2B503-1516-465D-A558-9932BDB3457D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "BA94EAAA-A4D2-4E36-BC69-BBE9644FE970", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "F3A7C96C-8FBB-42B4-937E-3321C939CC87", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "94084356-D39B-41B2-AC24-0ADAD0BF5988", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "086C6335-7872-46A7-AEB1-9BE5AE5A788C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FF8233B1-04A0-4E25-97EE-CF466B48A12E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "FA714E7E-05EF-4598-9324-887BC66C675E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C036011A-9AE1-423C-8B73-188B9BA20FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "663C6EE5-5B5E-4C0F-9E7F-D0E1DA9AF9EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"8051459E-94D3-4D4A-9D40-CC9475DDB00C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "42056C63-69A7-43CF-828C-0C3E365702D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "5B6A39A3-7F86-4DC3-B248-859630AFB9A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "58377AE3-1C13-4C3F-BC55-8336DAEEF97F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "46B96764-9241-4586-9FA5-77D8D8EBE3BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "48A4B336-2D5B-4D9B-AA87-E5266FED05BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:libpng:1.2.2-16:*:*:*:*:*:*:*", "matchCriteriaId": "4826B607-8DAB-44A4-B4FF-4BBFF9A05487", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:libpng:1.2.2-20:*:*:*:*:*:*:*", "matchCriteriaId": "3701107A-C208-426B-9EA0-CD1794D0EDA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A423B773-6B8B-4BA3-80A1-C8CAEF4D9BBE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "40D8DAE0-8E75-435C-9BD6-FAEED2ACB47C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", "vulnerable": true }, { "criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA", "vulnerable": true }, { "criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The 
Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message." }, { "lang": "es", "value": "La librer\u00eda de Graficos de Red Portables (libpng) 1.0.15 y anteriores permiten a atacantes causar una denegaci\u00f3n de servicio (ca\u00edda) mediante un fichero de imagen PNG que dispara un error que causa un lectura fuera de l\u00edmites cuando se crea el mensaje de error." } ], "id": "CVE-2004-0421", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.apple.com/mhonarc/security-announce/msg00056.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=108334922320309\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=108335030208523\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=fedora-announce-list\u0026m=108451350029261\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=fedora-announce-list\u0026m=108451353608968\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": 
"http://secunia.com/advisories/22957" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/22958" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.debian.org/security/2004/dsa-498" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:040" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-180.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-181.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10244" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16022" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.apple.com/mhonarc/security-announce/msg00056.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=108334922320309\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": 
"http://marc.info/?l=bugtraq\u0026m=108335030208523\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=fedora-announce-list\u0026m=108451350029261\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=fedora-announce-list\u0026m=108451353608968\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/22957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/22958" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.debian.org/security/2004/dsa-498" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-180.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-181.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10244" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16022" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-13 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082 | Third Party Advisory | |
secalert@redhat.com | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=284de253b1561b976291ba7405acd71ae71ff597%3Bhb=refs/heads/libpng10 | ||
secalert@redhat.com | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=2da5a7a8b690e257f94353b5b49d493cdc385322%3Bhb=refs/heads/libpng14 | ||
secalert@redhat.com | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=73e2ffd6a1471f2144d0ce7165d7323cb109f10f%3Bhb=refs/heads/libpng15 | ||
secalert@redhat.com | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bhb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8 | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html | Third Party Advisory | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/07/24/3 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/07/24/5 | ||
secalert@redhat.com | http://www.ubuntu.com/usn/USN-2815-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=284de253b1561b976291ba7405acd71ae71ff597%3Bhb=refs/heads/libpng10 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=2da5a7a8b690e257f94353b5b49d493cdc385322%3Bhb=refs/heads/libpng14 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=73e2ffd6a1471f2144d0ce7165d7323cb109f10f%3Bhb=refs/heads/libpng15 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bhb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/07/24/3 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/07/24/5 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2815-1 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.04 | |
canonical | ubuntu_linux | 15.10 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.1 | |
libpng | libpng | 1.4.2 | |
libpng | libpng | 1.4.3 | |
libpng | libpng | 1.4.4 | |
libpng | libpng | 1.4.5 | |
libpng | libpng | 1.4.6 | |
libpng | libpng | 1.4.7 | |
libpng | libpng | 1.4.8 | |
libpng | libpng | 1.4.9 | |
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.1 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.4 | |
libpng | libpng | 1.2.5 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.7 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.12 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.16 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.18 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.27 | |
libpng | libpng | 1.2.28 | |
libpng | libpng | 1.2.29 | |
libpng | libpng | 1.2.30 | |
libpng | libpng | 1.2.31 | |
libpng | libpng | 1.2.32 | |
libpng | libpng | 1.2.33 | |
libpng | libpng | 1.2.34 | |
libpng | libpng | 1.2.35 | |
libpng | libpng | 1.2.36 | |
libpng | libpng | 1.2.37 | |
libpng | libpng | 1.2.38 | |
libpng | libpng | 1.2.39 | |
libpng | libpng | 1.2.40 | |
libpng | libpng | 1.2.41 | |
libpng | libpng | 1.2.42 | |
libpng | libpng | 1.2.43 | |
libpng | libpng | 1.2.43 | |
libpng | libpng | 1.2.44 | |
libpng | libpng | 1.2.45 | |
libpng | libpng | 1.2.45 | |
libpng | libpng | 1.2.46 | |
libpng | libpng | 1.2.46 | |
libpng | libpng | 1.2.47 | |
libpng | libpng | 1.2.47 | |
libpng | libpng | 1.2.48 | |
redhat | libpng | 1.2.2-16 | |
redhat | libpng | 1.2.2-20 | |
debian | debian_linux | 6.0 | |
libpng | libpng | 1.5.0 | |
libpng | libpng | 1.5.1 | |
libpng | libpng | 1.5.1 | |
libpng | libpng | 1.5.2 | |
libpng | libpng | 1.5.2 | |
libpng | libpng | 1.5.3 | |
libpng | libpng | 1.5.4 | |
libpng | libpng | 1.5.4 | |
libpng | libpng | 1.5.5 | |
libpng | libpng | 1.5.5 | |
libpng | libpng | 1.5.6 | |
libpng | libpng | 1.5.6 | |
libpng | libpng | 1.5.7 | |
libpng | libpng | 1.5.7 | |
libpng | libpng | 1.5.8 | |
libpng | libpng | 1.5.8 | |
libpng | libpng | 1.5.9 | |
libpng | libpng | 1.5.9 | |
libpng | libpng | 1.5.10 | |
libpng | libpng | 1.0.0 | |
libpng | libpng | 1.0.1 | |
libpng | libpng | 1.0.2 | |
libpng | libpng | 1.0.3 | |
libpng | libpng | 1.0.5 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.10 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.12 | |
libpng | libpng | 1.0.13 | |
libpng | libpng | 1.0.14 | |
libpng | libpng | 1.0.15 | |
libpng | libpng | 1.0.16 | |
libpng | libpng | 1.0.17 | |
libpng | libpng | 1.0.18 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.20 | |
libpng | libpng | 1.0.21 | |
libpng | libpng | 1.0.22 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.24 | |
libpng | libpng | 1.0.25 | |
libpng | libpng | 1.0.26 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.28 | |
libpng | libpng | 1.0.29 | |
libpng | libpng | 1.0.30 | |
libpng | libpng | 1.0.31 | |
libpng | libpng | 1.0.32 | |
libpng | libpng | 1.0.33 | |
libpng | libpng | 1.0.34 | |
libpng | libpng | 1.0.35 | |
libpng | libpng | 1.0.37 | |
libpng | libpng | 1.0.38 | |
libpng | libpng | 1.0.39 | |
libpng | libpng | 1.0.40 | |
libpng | libpng | 1.0.41 | |
libpng | libpng | 1.0.42 | |
libpng | libpng | 1.0.43 | |
libpng | libpng | 1.0.44 | |
libpng | libpng | 1.0.45 | |
libpng | libpng | 1.0.46 | |
libpng | libpng | 1.0.47 | |
libpng | libpng | 1.0.48 | |
libpng | libpng | 1.0.50 | |
libpng | libpng | 1.0.51 | |
libpng | libpng | 1.0.52 | |
libpng | libpng | 1.0.53 | |
libpng | libpng | 1.0.54 | |
libpng | libpng | 1.0.55 | |
libpng | libpng | 1.0.55 | |
libpng | libpng | 1.0.56 | |
libpng | libpng | 1.0.56 | |
libpng | libpng | 1.0.57 | |
libpng | libpng | 1.0.57 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "52D5DAA1-3632-48D7-A657-4A4C83A119D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB5AE8E0-3C11-4EE1-A599-4D70C6A13F1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "6AD36C3B-3C02-488B-B480-EA091D702CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "59BAD272-D4B6-40CE-B5E9-63145E12B638", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "5EEB311C-766D-4070-A0BE-9CE4593C8F49", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C185BF59-68E4-49F8-802F-C06FE840FF3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "5C399B31-B8EC-41C4-B6AB-83BABC474374", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "3B00AF5F-D4F5-490C-8BF4-2B33EFBF15A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "BA9AEB1D-0AA7-4842-9CF9-91BFD8B58A4F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "09150152-5DEA-4FA2-9163-63EAF4D83DEF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C036011A-9AE1-423C-8B73-188B9BA20FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "663C6EE5-5B5E-4C0F-9E7F-D0E1DA9AF9EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "8051459E-94D3-4D4A-9D40-CC9475DDB00C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "42056C63-69A7-43CF-828C-0C3E365702D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "5B6A39A3-7F86-4DC3-B248-859630AFB9A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "58377AE3-1C13-4C3F-BC55-8336DAEEF97F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "005C2DA4-D00E-4206-851E-9226D66B5F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "97B17602-0D97-469B-A9B1-30AAC8F758F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "857B664A-C6F9-45E3-93EA-C0F53CEF5C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "6DFDA458-74E8-4DEF-B524-A4A8672CB66A", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A3E3BF3-4376-4692-A515-A7B6593F28F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "AB6AF9D5-CE60-4FC9-91AB-E243F0D429E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "3B1AC712-110D-458F-B650-930C6D45CA53", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "7F848FA5-9682-454F-A9DE-671C4401F15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "C4B83678-98A1-440E-950C-4A27995C7294", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "FB9EEE31-479A-4370-BF00-C26C1AF502B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "95EABD7D-1F18-4FA5-BAA9-F8D69129E531", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "65B836CA-3740-48B0-966B-21E65EF3D636", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "3988FA1B-18D9-46AA-87BA-A6B01D4F4B25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "51A46409-7AC6-45DB-B92D-29988C445BC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "09E2B608-6C70-446F-A3A7-369048D99855", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "5AA00AE0-F447-4361-AA37-0C98BDE491E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "21DACE94-FBDC-4A3D-8DD6-E62D18F5EE7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*", "matchCriteriaId": 
"220A02AF-6ADA-4B75-BC81-40B2D847029A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "ECEB8F61-195E-41DE-90CE-22854055E9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*", "matchCriteriaId": "D0F72B91-1F7F-41EB-ABC8-1B50AFEC70EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "111091B9-CBAE-4FC7-8B97-7D2345BFCB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*", "matchCriteriaId": "54C6D9D3-50B2-4A63-B3D1-C76C70F4443E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*", "matchCriteriaId": "4110AA74-C69D-45BC-A630-9EE3A2036BD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*", "matchCriteriaId": "F2DEFD05-10EE-4242-B885-FD1B0DF6CAA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "1CAA1090-C1C7-43A2-BD44-065572D226B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*", "matchCriteriaId": "2FD92305-91BF-4984-A029-8FA83CBF1A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*", "matchCriteriaId": "F9F9A6DB-19BF-4798-879E-9BD4AD5EFF2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*", "matchCriteriaId": "31EE280F-D76D-478B-ADD6-D5F2C7574A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*", "matchCriteriaId": "747314F7-A515-41FF-8095-62A9F05F0DEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*", "matchCriteriaId": "C1BE9ED0-685B-41F0-A984-D33E7034AEA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.36:*:*:*:*:*:*:*", "matchCriteriaId": "E3F6AD99-7697-47E5-8301-723C16535C76", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*", 
"matchCriteriaId": "07B00AD3-D13C-45B5-A13A-9092D40F4A63", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*", "matchCriteriaId": "14222EA8-E8ED-4818-ACB4-C6A13643F210", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*", "matchCriteriaId": "A22C28DD-5C99-4722-9093-A1E82A2C2808", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.40:*:*:*:*:*:*:*", "matchCriteriaId": "93714B71-6331-4F5A-A12A-B4B80CA2FEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*", "matchCriteriaId": "10CD562E-1F06-4779-A29C-4069E3C86B16", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*", "matchCriteriaId": "4D83D507-64AF-4158-97B9-1353E2F8EE46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.43:*:*:*:*:*:*:*", "matchCriteriaId": "BC5E39EA-C32E-4E87-9A3F-CCB5144F0E68", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.43:devel:*:*:*:*:*:*", "matchCriteriaId": "61B9103F-CD72-4F06-BED1-7AE4AB9E672C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*", "matchCriteriaId": "0DF6249D-5AA8-4EA3-A92A-0E492FE5B811", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*", "matchCriteriaId": "CDE7F259-40A2-4866-8EF8-44A9913EC4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.45:devel:*:*:*:*:*:*", "matchCriteriaId": "CFA3EED5-F0AB-4C5C-92D7-B84BFDAA31AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*", "matchCriteriaId": "03C20A42-6A77-43D4-80D7-332BB2DF1B66", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.46:devel:*:*:*:*:*:*", "matchCriteriaId": "8A0A1B56-0E92-4E81-9B2C-4F9B9D5833EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*", "matchCriteriaId": "D4CC5DBB-249B-4EED-9F54-E23CB1919ED0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.2.47:beta:*:*:*:*:*:*", "matchCriteriaId": "C10D9119-0FF8-4DFE-8632-A14D9C83CC9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.48:betas:*:*:*:*:*:*", "matchCriteriaId": "C24CA735-6EA6-41E3-A82D-D443BB47806B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:libpng:1.2.2-16:*:*:*:*:*:*:*", "matchCriteriaId": "4826B607-8DAB-44A4-B4FF-4BBFF9A05487", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:libpng:1.2.2-20:*:*:*:*:*:*:*", "matchCriteriaId": "3701107A-C208-426B-9EA0-CD1794D0EDA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.5.0:beta:*:*:*:*:*:*", "matchCriteriaId": "C8BA2974-AF9F-4382-B443-F54354B5623A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE8BC209-45B9-44D6-A26D-0B570ED5BB19", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:beta:*:*:*:*:*:*", "matchCriteriaId": "468B1A0E-AF58-42C4-9801-D6F83F283360", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "6644ED2F-66F3-469D-8233-72FE7321E850", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:beta:*:*:*:*:*:*", "matchCriteriaId": "B36D610D-F86A-4D46-B0F2-884FFA601C69", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.3:beta:*:*:*:*:*:*", "matchCriteriaId": "C8A976DD-87FA-425D-8E07-E3CFC4D3FD05", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "3F34978D-6ABE-463E-AB48-21CC55B7D157", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:beta:*:*:*:*:*:*", "matchCriteriaId": "3716FF0E-AD20-46F8-B8F6-3EC42D427C90", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A4568BB-F5FF-4BBB-9DA3-E66C2BFA2416", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:beta:*:*:*:*:*:*", "matchCriteriaId": "E5300EC4-B3A0-42C5-8D39-67AB75C47153", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "246CF13F-FDC1-499E-9FC1-5624D54E9E3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:beta:*:*:*:*:*:*", "matchCriteriaId": "D5840A8E-AB64-40A9-8BB6-EB6BA51D40B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AC66FD43-421B-4223-BA32-EC47B51E1091", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.7:beta:*:*:*:*:*:*", "matchCriteriaId": "EEC9D57C-47F2-4773-85B6-FFB0C4681E0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F0F5664B-5AB9-4DE4-99AA-8FD32DBA4A4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.8:beta:*:*:*:*:*:*", "matchCriteriaId": "5CD1C8E6-DF35-47F7-877F-001AD62B57CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "C7712376-D776-4814-A041-FBFEAC70ADC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.9:beta:*:*:*:*:*:*", "matchCriteriaId": "DF69B34E-F7FB-4F4C-AF7D-ACD165B1233B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.10:beta:*:*:*:*:*:*", "matchCriteriaId": "F7CC2E64-E48C-4DE6-892D-06A0B806A51B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D6B3DAF-DF99-48B2-8E7C-BE8E043D4C24", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "29050958-EFD8-4A79-9022-EF72AAD4EDB3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3CB33B1-71B2-4235-A2C1-FCAEA9844A6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "436F8C71-1780-4DC6-937B-8F1F51C7453D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0BF2C6F3-BFE7-4234-9975-DE7FCDA26A46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5B79DC5F-5062-4031-BA11-746EE3C8E1CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CAD6DE25-8B2F-4DB9-9969-8AAC23BC0AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "35F2B503-1516-465D-A558-9932BDB3457D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "BA94EAAA-A4D2-4E36-BC69-BBE9644FE970", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "F3A7C96C-8FBB-42B4-937E-3321C939CC87", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "94084356-D39B-41B2-AC24-0ADAD0BF5988", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "086C6335-7872-46A7-AEB1-9BE5AE5A788C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FF8233B1-04A0-4E25-97EE-CF466B48A12E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "FA714E7E-05EF-4598-9324-887BC66C675E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "C5CF3B73-D3B9-4D76-B411-C837BCE0806E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "D1752D91-3468-4E22-B60F-6789B3CBD7B4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "F433AA7E-A780-4D45-AD1A-5A4CE1F3FCD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "93E210A7-489B-4EA7-A840-599523157DD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "B37565FA-72F5-4063-8D7A-97BC269F020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "BC8FA821-818E-4BC7-834B-94EB5C042390", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "F3FBF3D3-95A6-4869-8A69-F0E5ECA40220", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "D07785D0-E995-4208-AB8C-43B320D291F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "152DDD6E-CF56-4E1C-BE4D-C7BC0FD9B08C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "19BBA666-4473-4C6D-BF48-34EF3F09AD7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "B7DDF6CC-7997-47E7-96D3-8DC10F1D17F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "A1926DD0-0A9B-4F9D-BB4F-AC7AB0B3F0E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "2763A6C7-DBBA-4E2A-917C-B6FF524B9891", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "E7DECDF8-7742-4D58-99FA-100A01748B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "CA4FD3B1-3A68-4122-AA50-31BFC6C50408", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "45790331-CE26-457F-8649-F027703E73EE", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:libpng:libpng:1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "0B0BFE2D-5C7B-42E0-B783-8C5907CA8635", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "7CD993C1-70B6-4ACB-B958-94E7EF973A8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "C085686C-A0AA-4F56-9E7D-B5CB24B890D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "D02A5197-06B9-469E-9817-45BB23324042", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "5EB6BE37-E564-4E42-BE39-36DD301C37A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "314209F2-E0A0-4045-8108-8E7215312442", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "11A8ECBB-7E50-4447-88E2-893C1466C251", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "8B8F24A5-F5C3-495F-9AF0-2EE836E0147A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "46DE2DE3-F081-4B80-A4DA-C5AB27B3CA8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "71EF1D77-7838-47DF-B6A2-DBBAC0058FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "76BA4FEA-FEB4-47A9-9DFF-A233CEE03D04", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.43:*:*:*:*:*:*:*", "matchCriteriaId": "60DB5A63-E89E-48AB-A846-107EBEC71D67", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.44:*:*:*:*:*:*:*", "matchCriteriaId": "2181FEEB-D07E-490C-9953-3490D87B63A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.45:*:*:*:*:*:*:*", "matchCriteriaId": "36DC41DD-A291-4ECE-84B9-574828AA2A80", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:libpng:libpng:1.0.46:*:*:*:*:*:*:*", "matchCriteriaId": "015D1E36-17A1-4413-B1FB-5DF4C36712BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.47:*:*:*:*:*:*:*", "matchCriteriaId": "F64CE8F2-22B1-43F8-8934-CBCD2EFBA85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.48:*:*:*:*:*:*:*", "matchCriteriaId": "CEB15BE8-1B88-4117-AF14-3AA2B54DB323", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "A2CB2728-4CC7-46EA-809B-450A9BB9F884", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "96638963-D264-49AD-9B77-497C3DA23DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.52:*:*:*:*:*:*:*", "matchCriteriaId": "88544BBE-29A1-4622-B3E6-FA4B891A9B5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.53:*:*:*:*:*:*:*", "matchCriteriaId": "DD658D98-9A4D-4DC2-A935-BB3BF0E0FB2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.54:*:*:*:*:*:*:*", "matchCriteriaId": "FFF819AF-AC11-4BD9-A070-572836A65FB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.55:*:*:*:*:*:*:*", "matchCriteriaId": "2EEAC62D-BF2B-40DF-9428-FFBF7CA09471", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.55:rc01:*:*:*:*:*:*", "matchCriteriaId": "27DFAB04-5C5C-4366-B3FC-C83AAB807F0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.56:*:*:*:*:*:*:*", "matchCriteriaId": "36327723-F953-4BD3-A525-930DDCF7931D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.56:devel:*:*:*:*:*:*", "matchCriteriaId": "36F717B1-CC02-4878-9A78-1584074E81C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.57:*:*:*:*:*:*:*", "matchCriteriaId": "7D482811-2EF1-47AE-A41C-7532AC6DEF31", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.57:rc01:*:*:*:*:*:*", "matchCriteriaId": "FF26AB67-81F8-4CD2-8E28-BDF9FE2CD58F", 
"vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image." }, { "lang": "es", "value": "La funci\u00f3n png_push_read_zTXt en pngpread.c en libpng v1.0.x antes de v1.0.58, v1.2.x antes de v1.2.48, v1.4.x antes de v1.4.10 y v1.5.x antes de v1.5.10 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de un valor demasiado grande en el campo avail_in en una imagen PNG.\r\n" } ], "id": "CVE-2012-3425", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-08-13T20:55:09.207", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082" }, { "source": "secalert@redhat.com", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=284de253b1561b976291ba7405acd71ae71ff597%3Bhb=refs/heads/libpng10" }, { "source": "secalert@redhat.com", "url": 
"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=2da5a7a8b690e257f94353b5b49d493cdc385322%3Bhb=refs/heads/libpng14" }, { "source": "secalert@redhat.com", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=73e2ffd6a1471f2144d0ce7165d7323cb109f10f%3Bhb=refs/heads/libpng15" }, { "source": "secalert@redhat.com", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bhb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/07/24/3" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/07/24/5" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2815-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=284de253b1561b976291ba7405acd71ae71ff597%3Bhb=refs/heads/libpng10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=2da5a7a8b690e257f94353b5b49d493cdc385322%3Bhb=refs/heads/libpng14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=73e2ffd6a1471f2144d0ce7165d7323cb109f10f%3Bhb=refs/heads/libpng15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bhb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/07/24/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/07/24/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2815-1" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-07-11 01:59
Modified
2025-04-12 10:46
Severity 7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
References
Source | URL | Tags | |
---|---|---|---|
security@android.com | http://source.android.com/security/bulletin/2016-07-01.html | Vendor Advisory | |
security@android.com | http://www.openwall.com/lists/oss-security/2016/07/09/4 | ||
security@android.com | https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca | ||
security@android.com | https://security.netapp.com/advisory/ntap-20240719-0004/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://source.android.com/security/bulletin/2016-07-01.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/07/09/4 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240719-0004/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | * | |
google | android | 4.0 | |
google | android | 4.0.1 | |
google | android | 4.0.2 | |
google | android | 4.0.3 | |
google | android | 4.0.4 | |
google | android | 4.1 | |
google | android | 4.1.2 | |
google | android | 4.2 | |
google | android | 4.2.1 | |
google | android | 4.2.2 | |
google | android | 4.3 | |
google | android | 4.3.1 | |
google | android | 4.4 | |
google | android | 4.4.1 | |
google | android | 4.4.2 | |
google | android | 4.4.3 | |
google | android | 5.0 | |
google | android | 5.0.1 | |
google | android | 5.1 | |
google | android | 5.1.0 | |
google | android | 6.0 | |
google | android | 6.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F63D199-D477-4807-8A4E-A30C55D1FC48", "versionEndIncluding": "1.6.19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A39C31E3-75C0-4E92-A6B5-7D67B22E3449", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB318EA4-2908-4B91-8DBB-20008FDF528A", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F4E46A9-B652-47CE-92E8-01021E57724B", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "36DD8E3F-6308-4680-B932-4CBD8E58A7FB", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1DA9F0F7-D592-481E-884C-B1A94E702825", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "6CD857E7-B878-49F9-BDDA-93DDEBB0B42B", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A47AB858-36DE-4330-8CAC-1B46C5C8DA80", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8882E50-7C49-4A99-91F2-DF979CF8BB2F", "vulnerable": true 
}, { "criteria": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "98C32982-095C-4628-9958-118A3D3A9CAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B846C63A-7261-481E-B4A4-0D8C79E0D8A7", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295", "vulnerable": true }, { "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085." 
}, { "lang": "es", "value": "Vulnerabilidad no especificada en libpng en versiones anteriores a 1.6.20, como es usado en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-07-01, permite a atacantes obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, seg\u00fan lo demostrado por la obtenci\u00f3n de acceso Signature o SignatureOrSystem, tambi\u00e9n conocido como error interno 23265085." } ], "id": "CVE-2016-3751", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-07-11T01:59:51.870", "references": [ { "source": "security@android.com", "tags": [ "Vendor Advisory" ], "url": "http://source.android.com/security/bulletin/2016-07-01.html" }, { "source": "security@android.com", "url": "http://www.openwall.com/lists/oss-security/2016/07/09/4" }, { "source": "security@android.com", "url": 
"https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca" }, { "source": "security@android.com", "url": "https://security.netapp.com/advisory/ntap-20240719-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://source.android.com/security/bulletin/2016-07-01.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/07/09/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240719-0004/" } ], "sourceIdentifier": "security@android.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-11-13 03:59
Modified
2025-04-12 10:46
Severity: HIGH (CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P, per the NVD record below)
Summary
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html | Third Party Advisory | |
cve@mitre.org | http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html | Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html | Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html | Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html | Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html | Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html | Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html | Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html | Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html | Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html | Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html | Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html | Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2015-2594.html | Third Party Advisory | |
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2015-2595.html | Third Party Advisory | |
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2015-2596.html | Third Party Advisory | |
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2016-0055.html | Third Party Advisory | |
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2016-0056.html | Third Party Advisory | |
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2016-0057.html | Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2015/dsa-3399 | Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2016/dsa-3507 | Third Party Advisory | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/11/12/2 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | Third Party Advisory | |
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | Third Party Advisory | |
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/77568 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1034142 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.ubuntu.com/usn/USN-2815-1 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2016:1430 | Third Party Advisory | |
cve@mitre.org | https://code.google.com/p/chromium/issues/detail?id=560291 | Issue Tracking, Patch, Third Party Advisory | |
cve@mitre.org | https://kc.mcafee.com/corporate/index?page=content&id=SB10148 | Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201603-09 | Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201611-08 | Third Party Advisory | |
cve@mitre.org | https://support.apple.com/HT206167 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2015-2594.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2015-2595.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2015-2596.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-0055.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-0056.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-0057.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3399 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3507 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/11/12/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/77568 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034142 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2815-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:1430 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://code.google.com/p/chromium/issues/detail?id=560291 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://kc.mcafee.com/corporate/index?page=content&id=SB10148 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201603-09 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201611-08 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206167 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
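libpng | libpng | * (before 1.0.64) | |
libpng | libpng | * (>= 1.1.1, before 1.2.54) | |
libpng | libpng | * (>= 1.3.0, before 1.4.17) | |
libpng | libpng | * (>= 1.5.0, before 1.5.24) | |
libpng | libpng | * (>= 1.6.0, before 1.6.19) | |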
fedoraproject | fedora | 21 | |
fedoraproject | fedora | 22 | |
fedoraproject | fedora | 23 | |
opensuse | leap | 42.1 | |
opensuse | opensuse | 13.1 | |
opensuse | opensuse | 13.2 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_desktop | 12 | |
suse | linux_enterprise_desktop | 12 | |
suse | linux_enterprise_server | 12 | |
suse | linux_enterprise_server | 12 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
redhat | satellite | 5.7 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_eus | 6.7 | |
redhat | enterprise_linux_eus | 7.2 | |
redhat | enterprise_linux_eus | 7.3 | |
redhat | enterprise_linux_eus | 7.4 | |
redhat | enterprise_linux_eus | 7.5 | |
redhat | enterprise_linux_eus | 7.6 | |
redhat | enterprise_linux_eus | 7.7 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server_aus | 7.2 | |
redhat | enterprise_linux_server_aus | 7.3 | |
redhat | enterprise_linux_server_aus | 7.4 | |
redhat | enterprise_linux_server_aus | 7.6 | |
redhat | enterprise_linux_server_aus | 7.7 | |
redhat | enterprise_linux_server_tus | 7.2 | |
redhat | enterprise_linux_server_tus | 7.3 | |
redhat | enterprise_linux_server_tus | 7.6 | |
redhat | enterprise_linux_server_tus | 7.7 | |
redhat | enterprise_linux_workstation | 6.0 | |
redhat | enterprise_linux_workstation | 7.0 | |
redhat | satellite | 5.6 | |
redhat | enterprise_linux | 5.0 | |
redhat | enterprise_linux | 6.0 | |
oracle | jdk | 1.6.0 | |
oracle | jdk | 1.7.0 | |
oracle | jdk | 1.8.0 | |
oracle | jdk | 1.8.0 | |
oracle | jre | 1.6.0 | |
oracle | jre | 1.7.0 | |
oracle | jre | 1.8.0 | |
oracle | jre | 1.8.0 | |
oracle | linux | 6 | |
oracle | linux | 7 | |
oracle | solaris | 11.3 | |
apple | mac_os_x | * (before 10.11.4) | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.04 | |
canonical | ubuntu_linux | 15.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "A81951DF-BEF9-4145-B936-48C031617EA6", "versionEndExcluding": "1.0.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FE022C0-5EB8-4B1B-A378-120518DB4CDD", "versionEndExcluding": "1.2.54", "versionStartIncluding": "1.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "A38EFE8E-7569-4DEC-B97C-89A2D3A61C38", "versionEndExcluding": "1.4.17", "versionStartIncluding": "1.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAACE97E-7BF2-485F-A129-1C27B936D392", "versionEndExcluding": "1.5.24", "versionStartIncluding": "1.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "88EAB9A2-8A67-4AE7-BA39-73B219BE34CC", "versionEndExcluding": "1.6.19", "versionStartIncluding": "1.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*", "matchCriteriaId": "17D4B6F2-514D-4BC2-B2C5-4E2FCCAC594C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*", "matchCriteriaId": "967EC28A-607F-48F4-AD64-5E3041C768F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:*", "matchCriteriaId": "B0AD78A5-E3C8-4CF1-967C-7F934F9DAFE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:*", "matchCriteriaId": "4B0EF44A-833C-4B9D-824A-5E0FFFBA8340", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update65:*:*:*:*:*:*", "matchCriteriaId": "05726B2D-17F9-4192-A570-979BA8F6676E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:*", "matchCriteriaId": "D6C77242-C6FB-4BED-BA51-E9477D64E311", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:*", "matchCriteriaId": "7CB263D7-6718-4BE2-8423-B25FD727915E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:*", "matchCriteriaId": "CB1CAC76-2414-43D0-917D-5C1E60438178", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update65:*:*:*:*:*:*", "matchCriteriaId": "9D58FCAD-3374-40D1-ADD9-E830FC3B497A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:*", "matchCriteriaId": "1475C6EC-E2F6-4881-A89E-FB75C1AD1F20", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", "matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A594A00-699D-4899-AEE5-E6B9B948FB62", "versionEndExcluding": "10.11.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": 
"8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de buffer en las funciones (1) png_set_PLTE y (2) png_get_PLTE en libpng en versiones anteriores a 1.0.64, 1.1.x y 1.2.x en versiones anteriores a 1.2.54, 1.3.x y 1.4.x en versiones anteriores a 1.4.17, 1.5.x en versiones anteriores a 1.5.24 y 1.6.x en versiones anteriores a 1.6.19 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente tener otro impacto no especificado a trav\u00e9s de un valor bit-depth peque\u00f1o en un fragmento IHDR (tambi\u00e9n conocido como image header) en una imagen PNG." 
} ], "id": "CVE-2015-8126", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-11-13T03:59:05.917", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html" }, { 
"source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "source": "cve@mitre.org", 
"tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing 
List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3399" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3507" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/12/2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/77568" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034142" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2815-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://code.google.com/p/chromium/issues/detail?id=560291" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10148" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201603-09" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201611-08" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/HT206167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3399" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/12/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/77568" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securitytracker.com/id/1034142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2815-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://code.google.com/p/chromium/issues/detail?id=560291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201603-09" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201611-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/HT206167" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2011-2501)
Published
2011-07-17 20:55
Modified
2025-04-11 00:51
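Severity: 6.5 Medium (CVSS v3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H); 4.3 Medium (CVSS v2, AV:N/AC:M/Au:N/C:N/I:N/A:P)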
Summary
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=65e6d5a34f49acdb362a0625a706c6b914e670af | ||
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062720.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://secunia.com/advisories/45046 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45289 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45405 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45415 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45460 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45486 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45492 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/49660 | Broken Link | |
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201206-15.xml | Third Party Advisory | |
secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.617466 | Mailing List, Patch, Third Party Advisory | |
secalert@redhat.com | http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com&forum_name=png-mng-implement | Exploit, Issue Tracking, Third Party Advisory | |
secalert@redhat.com | http://www.debian.org/security/2011/dsa-2287 | Third Party Advisory | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:151 | Broken Link | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/06/27/13 | Mailing List, Patch, Third Party Advisory | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/06/28/16 | Mailing List, Patch, Third Party Advisory | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2011-1105.html | Broken Link | |
secalert@redhat.com | http://www.securityfocus.com/bid/48474 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.ubuntu.com/usn/USN-1175-1 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=717084 | Issue Tracking, Patch, Third Party Advisory | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/68517 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=65e6d5a34f49acdb362a0625a706c6b914e670af | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062720.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45046 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45289 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45405 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45415 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45460 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45486 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45492 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49660 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201206-15.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.617466 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com&forum_name=png-mng-implement | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2287 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:151 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/06/27/13 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/06/28/16 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-1105.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/48474 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1175-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=717084 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/68517 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
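libpng | libpng | * (1.0.0 ≤ version < 1.0.55) | |
libpng | libpng | * (1.2.0 ≤ version < 1.2.45) | |
libpng | libpng | * (1.4.0 ≤ version < 1.4.8) | |
libpng | libpng | * (1.5.0 ≤ version < 1.5.4) | |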
fedoraproject | fedora | 14 | |
debian | debian_linux | 5.0 | |
debian | debian_linux | 6.0 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 10.10 | |
canonical | ubuntu_linux | 11.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "457596BD-6D1A-4BF6-AB6B-00C015282A5C", "versionEndExcluding": "1.0.55", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E0A4818-9441-4057-BF47-EDC25FC9A3D2", "versionEndExcluding": "1.2.45", "versionStartIncluding": "1.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "66F5725F-4C45-48C1-B31C-7A25E735AE49", "versionEndExcluding": "1.4.8", "versionStartIncluding": "1.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "25E29B1D-F756-40BE-8419-4224391D8D61", "versionEndExcluding": "1.5.4", "versionStartIncluding": "1.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "matchCriteriaId": "BDE52846-24EC-4068-B788-EC7F915FFF11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*", "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*", "matchCriteriaId": "A9BD9DD2-B468-4732-ABB1-742D83709B54", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources." }, { "lang": "es", "value": "La funci\u00f3n png_format_buffer en pngerror.c en libpng v1.0.x antes de v1.0.55, en v1.2.x antes de v1.2.45, en v1.4.x antes de v1.4.8, y en v1.5.x antesde v1.5.4, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una imagen PNG creada que desencadena una lectura out-of-bounds durante la copia de los datos del mensaje de error. NOTA: esta vulnerabilidad existe debido a una regresi\u00f3n CVE-2004-0421." 
} ], "id": "CVE-2011-2501", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2011-07-17T20:55:01.483", "references": [ { "source": "secalert@redhat.com", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=65e6d5a34f49acdb362a0625a706c6b914e670af" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062720.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45046" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45289" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], 
"url": "http://secunia.com/advisories/45405" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45415" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45460" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45486" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45492" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/49660" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.617466" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com\u0026forum_name=png-mng-implement" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2287" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/13" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/28/16" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1105.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", 
"VDB Entry" ], "url": "http://www.securityfocus.com/bid/48474" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1175-1" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=717084" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68517" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=65e6d5a34f49acdb362a0625a706c6b914e670af" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062720.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45289" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45486" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45492" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/49660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.617466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com\u0026forum_name=png-mng-implement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/28/16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1105.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/48474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1175-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=717084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68517" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2018-14048
Vulnerability from fkie_nvd
Published
2018-07-13 16:29
Modified
2024-11-21 03:48
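Severity: 6.5 Medium (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, source nvd@nist.gov); CVSS v2 base score 4.3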
Summary
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | Patch | |
cve@mitre.org | https://github.com/fouzhe/security/tree/master/libpng | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/glennrp/libpng/issues/238 | Exploit, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Apr/30 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201908-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fouzhe/security/tree/master/libpng | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/glennrp/libpng/issues/238 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Apr/30 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-02 | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*", "matchCriteriaId": "8CD36A99-1431-4B6C-9C92-3D94B56B4BED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*", "matchCriteriaId": "9C07DBB8-760D-4A9E-B7C7-A382D650658B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*", "matchCriteriaId": "ED6BF214-B45C-405E-83AC-C8A084A6E4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*", "matchCriteriaId": "7D8C0DB7-6178-4D70-B460-97A49F012560", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CE66FC86-ADF3-4295-9C10-2A0AF16A538C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*", "matchCriteriaId": "BBE0F763-B860-4B30-A5E9-2FCE78F5932D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*", "matchCriteriaId": "C192F54C-108C-4E40-BC29-CF911C3B9EB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*", "matchCriteriaId": "4ADC2C70-B7C4-49AC-B4CC-C5FC60903F3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "32548053-521C-4D17-8791-680074D5C55E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image." }, { "lang": "es", "value": "Se ha encontrado un problema en libpng 1.6.34. Es un SEGV en la funci\u00f3n png_free_data en png.c, relacionado con el manejo de errores recomendado para png_read_image." 
} ], "id": "CVE-2018-14048", "lastModified": "2024-11-21T03:48:30.913", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-13T16:29:00.377", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fouzhe/security/tree/master/libpng" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/glennrp/libpng/issues/238" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Apr/30" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://security.gentoo.org/glsa/201908-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fouzhe/security/tree/master/libpng" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/glennrp/libpng/issues/238" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Apr/30" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201908-02" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2011-2690
Vulnerability from fkie_nvd
Published
2011-07-17 20:55
Modified
2025-04-11 00:51
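Severity: 8.8 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, source nvd@nist.gov); CVSS v2 base score 6.8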
Summary
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://secunia.com/advisories/45046 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45405 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45415 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45460 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45461 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/45492 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/49660 | Broken Link | |
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201206-15.xml | Third Party Advisory | |
secalert@redhat.com | http://support.apple.com/kb/HT5002 | Third Party Advisory | |
secalert@redhat.com | http://www.debian.org/security/2011/dsa-2287 | Third Party Advisory | |
secalert@redhat.com | http://www.libpng.org/pub/png/libpng.html | Product, Vendor Advisory | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:151 | Broken Link | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/07/13/2 | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2011-1104.html | Broken Link | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2011-1105.html | Broken Link | |
secalert@redhat.com | http://www.securityfocus.com/bid/48660 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.ubuntu.com/usn/USN-1175-1 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=720607 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/68538 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45046 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45405 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45415 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45460 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45461 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45492 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49660 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201206-15.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5002 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2287 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.libpng.org/pub/png/libpng.html | Product, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:151 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/07/13/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-1104.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-1105.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/48660 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1175-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=720607 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/68538 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | * | |
libpng | libpng | * | |
libpng | libpng | * | |
libpng | libpng | * | |
fedoraproject | fedora | 14 | |
debian | debian_linux | 5.0 | |
debian | debian_linux | 6.0 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 10.10 | |
canonical | ubuntu_linux | 11.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "457596BD-6D1A-4BF6-AB6B-00C015282A5C", "versionEndExcluding": "1.0.55", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E0A4818-9441-4057-BF47-EDC25FC9A3D2", "versionEndExcluding": "1.2.45", "versionStartIncluding": "1.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "66F5725F-4C45-48C1-B31C-7A25E735AE49", "versionEndExcluding": "1.4.8", "versionStartIncluding": "1.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "25E29B1D-F756-40BE-8419-4224391D8D61", "versionEndExcluding": "1.5.4", "versionStartIncluding": "1.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "matchCriteriaId": "BDE52846-24EC-4068-B788-EC7F915FFF11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*", "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*", "matchCriteriaId": "A9BD9DD2-B468-4732-ABB1-742D83709B54", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en libpng v1.0.x antes de v1.0.55, en v1.2.x antes de v1.2.45, en v1.4.x antes de v1.4.8, y en v1.5.x antes de v1.5.4, cuando son utilizados por una aplicaci\u00f3n que llama a la funci\u00f3n png_rgb_to_gray pero no a la funci\u00f3n png_set_expand funci\u00f3n, permite a atacantes remotos sobreescribir la memoria con una cantidad arbitraria de datos, y posiblemente tener otro impacto no especificado, a trav\u00e9s de una imagen PNG creada." 
} ], "id": "CVE-2011-2690", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2011-07-17T20:55:01.530", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45046" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45405" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45415" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45460" }, { "source": 
"secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45461" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45492" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/49660" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT5002" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2287" }, { "source": "secalert@redhat.com", "tags": [ "Product", "Vendor Advisory" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/13/2" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1104.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1105.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/48660" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1175-1" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720607" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68538" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45461" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/45492" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/49660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT5002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Vendor Advisory" ], "url": "http://www.libpng.org/pub/png/libpng.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/13/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1104.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1105.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/48660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1175-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68538" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-02-22 22:30
Modified
2025-04-09 00:30
Severity ?
Summary
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt | Broken Link, Vendor Advisory | |
secalert@redhat.com | http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt | Product | |
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html | Mailing List | |
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | Mailing List | |
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | Mailing List | |
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html | Broken Link, Mailing List | |
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html | Mailing List | |
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html | Mailing List | |
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html | Mailing List | |
secalert@redhat.com | http://lists.vmware.com/pipermail/security-announce/2009/000062.html | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/33970 | Broken Link, Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/33976 | Broken Link, Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/34137 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/34140 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/34143 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/34145 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/34152 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/34210 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/34265 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/34272 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/34320 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/34324 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/34388 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/34462 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/34464 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/35074 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/35258 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/35302 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/35379 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/35386 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/36096 | Broken Link | |
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200903-28.xml | Third Party Advisory | |
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420 | Mailing List | |
secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952 | Mailing List | |
secalert@redhat.com | http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com | Broken Link | |
secalert@redhat.com | http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441 | Broken Link | |
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 | Broken Link | |
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 | Broken Link | |
secalert@redhat.com | http://support.apple.com/kb/HT3549 | Third Party Advisory | |
secalert@redhat.com | http://support.apple.com/kb/HT3613 | Third Party Advisory | |
secalert@redhat.com | http://support.apple.com/kb/HT3639 | Third Party Advisory | |
secalert@redhat.com | http://support.apple.com/kb/HT3757 | Third Party Advisory | |
secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm | Broken Link | |
secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm | Broken Link | |
secalert@redhat.com | http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document | Broken Link | |
secalert@redhat.com | http://wiki.rpath.com/Advisories:rPSA-2009-0046 | Broken Link | |
secalert@redhat.com | http://www.debian.org/security/2009/dsa-1750 | Mailing List | |
secalert@redhat.com | http://www.debian.org/security/2009/dsa-1830 | Mailing List | |
secalert@redhat.com | http://www.kb.cert.org/vuls/id/649212 | Broken Link, Third Party Advisory, US Government Resource | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:051 | Broken Link | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:075 | Broken Link | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:083 | Broken Link | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0315.html | Broken Link | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0325.html | Broken Link | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0333.html | Broken Link | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0340.html | Broken Link | |
secalert@redhat.com | http://www.securityfocus.com/archive/1/501767/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.securityfocus.com/archive/1/503912/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.securityfocus.com/archive/1/505990/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.securityfocus.com/bid/33827 | Broken Link, Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.securityfocus.com/bid/33990 | Broken Link, Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.us-cert.gov/cas/techalerts/TA09-133A.html | Third Party Advisory, US Government Resource | |
secalert@redhat.com | http://www.us-cert.gov/cas/techalerts/TA09-218A.html | Third Party Advisory, US Government Resource | |
secalert@redhat.com | http://www.vmware.com/security/advisories/VMSA-2009-0007.html | Third Party Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/0469 | Broken Link | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/0473 | Broken Link | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/0632 | Broken Link | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1297 | Broken Link | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1451 | Broken Link | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1462 | Broken Link | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1522 | Broken Link | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1560 | Broken Link | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1621 | Broken Link | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2172 | Broken Link | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/48819 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316 | Broken Link | |
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458 | Broken Link | |
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html | Mailing List | |
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html | Mailing List | |
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html | Mailing List | |
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt | Broken Link, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt | Product | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html | Broken Link, Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000062.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33970 | Broken Link, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33976 | Broken Link, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34137 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34140 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34143 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34145 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34152 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34210 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34265 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34272 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34320 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34324 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34388 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34462 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34464 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35074 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35258 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35302 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35379 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35386 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36096 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200903-28.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3549 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3613 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3639 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3757 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2009-0046 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1750 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1830 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/649212 | Broken Link, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:051 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:075 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:083 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0315.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0325.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0333.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0340.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/501767/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/503912/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/505990/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/33827 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/33990 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-133A.html | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-218A.html | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0007.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0469 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0473 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0632 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1297 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1451 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1462 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1522 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1560 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1621 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2172 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/48819 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html | Mailing List |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | * | |
libpng | libpng | * | |
apple | iphone_os | * | |
apple | mac_os_x | * | |
opensuse | opensuse | 10.3 | |
opensuse | opensuse | 11.0 | |
opensuse | opensuse | 11.1 | |
suse | linux_enterprise | 9.0 | |
suse | linux_enterprise | 10.0 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_server | 10 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 5.0 | |
fedoraproject | fedora | 9 | |
fedoraproject | fedora | 10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC1A6D90-D8E8-4F56-BA83-47E9E5B46549", "versionEndExcluding": "1.0.43", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "9789BC2F-6EB8-4357-90E8-0F372DA76170", "versionEndExcluding": "1.2.35", "versionStartIncluding": "1.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "48C7B5CA-82E7-4676-BDBA-76C1098DDEAB", "versionEndExcluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "80C038E4-C24D-45E9-8287-C205C0C07809", "versionEndExcluding": "10.5.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise:9.0:-:*:*:*:*:*:*", "matchCriteriaId": "C3243C77-D635-480D-908C-328A479719E8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise:10.0:-:*:*:*:*:*:*", "matchCriteriaId": "AED08A6F-CD23-4405-B1CF-C96BB8AE7D6B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*", "matchCriteriaId": "513797E6-FCE6-4E84-9B66-202541F9601E", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*", "matchCriteriaId": "22A79A35-05DB-4B9F-AD3E-EA6F933CF10C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] 
}, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*", "matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*", "matchCriteriaId": "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables." }, { "lang": "es", "value": "La librería de referencia PNG (también conocida como libpng) anterior a v1.0.43, y v1.2.x anteriores a 1.2.35, utilizada en pngcrush y otras aplicaciones, permite a atacantes dependientes de contexto producir una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un fichero PNG manipulado que provoca la liberación de un puntero sin inicializar en (1) la función png_read_png, (2) el manejo de fragmentos pCAL, o (3) la configuración de tablas de gamma de 16 bits."
} ], "id": "CVE-2009-0040", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-02-22T22:30:00.203", "references": [ { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt" }, { "source": "secalert@redhat.com", "tags": [ "Product" ], "url": "http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/33970" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/33976" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34137" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34140" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34143" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34145" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34152" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34210" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34265" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34272" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34320" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34324" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34388" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34462" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34464" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": 
"http://secunia.com/advisories/35074" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/35258" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/35302" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/35379" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/35386" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/36096" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200903-28.xml" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.405420" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.433952" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=1689\u0026release_id=662441" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT3549" }, { "source": 
"secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT3613" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT3639" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT3757" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://support.avaya.com/japple/css/japple?temp.documentID=366362\u0026temp.productID=154235\u0026temp.releaseID=361845\u0026temp.bucketID=126655\u0026PAGE=Document" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0046" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://www.debian.org/security/2009/dsa-1750" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://www.debian.org/security/2009/dsa-1830" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/649212" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:051" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:075" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:083" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0315.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": 
"http://www.redhat.com/support/errata/RHSA-2009-0325.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0333.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0340.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/501767/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/33827" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/33990" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/0469" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/0473" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/0632" }, { "source": 
"secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/1451" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/1522" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/1621" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/2172" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48819" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/33970" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/33976" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34143" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34265" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34272" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/34464" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/35074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/35258" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/35302" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/35379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/35386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/36096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200903-28.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.405420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.433952" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=1689\u0026release_id=662441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT3549" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://support.apple.com/kb/HT3613" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT3639" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT3757" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://support.avaya.com/japple/css/japple?temp.documentID=366362\u0026temp.productID=154235\u0026temp.releaseID=361845\u0026temp.bucketID=126655\u0026PAGE=Document" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.debian.org/security/2009/dsa-1750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.debian.org/security/2009/dsa-1830" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/649212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken 
Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0315.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0325.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0333.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0340.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/501767/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/33827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/33990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/0469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/0473" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/0632" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/1451" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/1522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/1621" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/2172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48819" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": 
"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-824" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-08 21:17
Modified
2025-04-09 00:30
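Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:N/A:P, from the nvd@nist.gov Primary metric in this record)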
Summary
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html | ||
cve@mitre.org | http://docs.info.apple.com/article.html?artnum=307562 | ||
cve@mitre.org | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | ||
cve@mitre.org | http://secunia.com/advisories/27130 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/27284 | ||
cve@mitre.org | http://secunia.com/advisories/27746 | ||
cve@mitre.org | http://secunia.com/advisories/29420 | ||
cve@mitre.org | http://secunia.com/advisories/35302 | ||
cve@mitre.org | http://secunia.com/advisories/35386 | ||
cve@mitre.org | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323 | ||
cve@mitre.org | http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com&forum_name=png-mng-implement | ||
cve@mitre.org | http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net | Patch | |
cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 | ||
cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 | ||
cve@mitre.org | http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm | ||
cve@mitre.org | http://www.coresecurity.com/?action=item&id=2148 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/483582/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/489135/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/25957 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/3391 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0924/references | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/1462 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/1560 | ||
cve@mitre.org | https://issues.rpath.com/browse/RPL-1814 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=307562 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27130 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27284 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27746 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29420 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35302 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35386 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com&forum_name=png-mng-implement | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.coresecurity.com/?action=item&id=2148 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483582/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489135/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25957 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3391 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0924/references | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1462 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1560 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1814 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "1304E53A-47EE-4254-B017-531CDC6380E5", "versionEndIncluding": "1.2.21", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266." }, { "lang": "es", "value": "Error de superaci\u00f3n de l\u00edmite (off-by-one) en el manejo de perfiles ICC en la funci\u00f3n png_set_iCCP de pngset.c en libpng anterior a 1.2.22 beta1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante una imagen PNG manipulada artesanalmente, debido a un parche incorrecto para CVE-2007-5266." } ], "id": "CVE-2007-5267", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-08T21:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { 
"source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27130" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27284" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27746" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29420" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35302" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35386" }, { "source": "cve@mitre.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com\u0026forum_name=png-mng-implement" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "source": "cve@mitre.org", "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25957" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3391" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "source": "cve@mitre.org", "url": 
"http://www.vupen.com/english/advisories/2009/1560" }, { "source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-1814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27746" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com\u0026forum_name=png-mng-implement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3391" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1814" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of libpng and libpng10 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2007-10-16T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-22 16:55
Modified
2025-06-09 16:15
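Severity: MEDIUM under CVSS v2 (base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P, nvd@nist.gov, Primary); HIGH under CVSS v3.1 (base score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, Secondary)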
Summary
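Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026. Note: the CPE match data in this record marks libpng versions before 1.5.10 as vulnerable, a wider range than the 1.4.10beta01 boundary stated here, so match installed versions against the CPE range rather than against this sentence alone.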
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://code.google.com/p/chromium/issues/detail?id=116162 | Vendor Advisory | |
cve@mitre.org | http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html | Release Notes, Vendor Advisory | |
cve@mitre.org | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b | ||
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2012-0407.html | Third Party Advisory | |
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2012-0488.html | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/48320 | Not Applicable | |
cve@mitre.org | http://secunia.com/advisories/48485 | Not Applicable | |
cve@mitre.org | http://secunia.com/advisories/48512 | Not Applicable | |
cve@mitre.org | http://secunia.com/advisories/48554 | Not Applicable | |
cve@mitre.org | http://secunia.com/advisories/49660 | Not Applicable | |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-201206-15.xml | Third Party Advisory | |
cve@mitre.org | http://src.chromium.org/viewvc/chrome?view=rev&revision=125311 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.debian.org/security/2012/dsa-2439 | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:033 | Not Applicable | |
cve@mitre.org | http://www.securitytracker.com/id?1026823 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=799000 | Issue Tracking, Patch, Third Party Advisory | |
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://code.google.com/p/chromium/issues/detail?id=116162 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-0407.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-0488.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48320 | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48485 | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48512 | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48554 | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49660 | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201206-15.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://src.chromium.org/viewvc/chrome?view=rev&revision=125311 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2439 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:033 | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1026823 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=799000 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
google | chrome | * | |
redhat | gluster_storage | 2.0 | |
redhat | storage | 2.0 | |
redhat | storage_for_public_cloud | 2.0 | |
debian | debian_linux | 6.0 | |
fedoraproject | fedora | 15 | |
fedoraproject | fedora | 16 | |
fedoraproject | fedora | 17 | |
opensuse | opensuse | 12.1 | |
redhat | enterprise_linux | 5.0 | |
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux_desktop | 5.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_server_aus | 6.2 | |
redhat | enterprise_linux_server_eus | 6.2 | |
redhat | enterprise_linux_workstation | 5.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
libpng | libpng | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B591325-BD32-43AE-98D4-2C6C6B993194", "versionEndExcluding": "17.0.963.83", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:gluster_storage:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1CDA642D-4321-44AF-9B31-3E74F49A7A9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "52B90A04-DD6D-4AE7-A0E5-6B381127D507", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "F0257753-51C3-45F2-BAA4-4C1F2DEAB7A6", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "matchCriteriaId": "9396E005-22D8-4342-9323-C7DEA379191D", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD6D0378-F0F4-4AAA-80AF-8287C790EC96", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "C462C17E-DEB3-4E28-9D3E-FEE97907EC14", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB222A2E-F28D-4BAC-85E2-40DE25106A7F", "versionEndExcluding": "1.5.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026." }, { "lang": "es", "value": "El error de signo de entero en pngrutil.c en libpng antes v1.4.10beta01, tal y como se utiliza en Google Chrome antes de v17.0.963.83 y otros productos, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo PNG especificamente dise\u00f1ado para este fin. Se trata de una vulnerabilidad diferente a CVE-2011-3026." 
} ], "id": "CVE-2011-3045", "lastModified": "2025-06-09T16:15:22.810", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2012-03-22T16:55:01.160", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://code.google.com/p/chromium/issues/detail?id=116162" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html" }, { "source": "cve@mitre.org", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0407.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/48320" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/48485" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/48512" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/48554" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/49660" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=125311" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2012/dsa-2439" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:033" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1026823" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=799000" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://code.google.com/p/chromium/issues/detail?id=116162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0407.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/48320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/48485" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/48512" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/48554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/49660" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=125311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2012/dsa-2439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:033" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1026823" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=799000" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-195" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
CVE-2007-5268
Vulnerability from fkie_nvd
Published
2007-10-08 21:17
Modified
2025-04-09 00:30
Severity
4.3 MEDIUM (CVSS v2.0, AV:N/AC:M/Au:N/C:N/I:N/A:P)
Summary
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html | Third Party Advisory | |
cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=195261 | Third Party Advisory | |
cve@mitre.org | http://docs.info.apple.com/article.html?artnum=307562 | Third Party Advisory | |
cve@mitre.org | http://lists.apple.com/archives/security-announce/2008//May/msg00001.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/27093 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/27284 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/27405 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/27529 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/27629 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/27746 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/29420 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/30161 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/30430 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/35302 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/35386 | Third Party Advisory | |
cve@mitre.org | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323 | Third Party Advisory | |
cve@mitre.org | http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net&forum_name=png-mng-implement | Patch, Third Party Advisory | |
cve@mitre.org | http://sourceforge.net/mailarchive/message.php?msg_name=5122753600C3E94F87FBDFFCC090D1FF0400EBC5%40MERCMBX07.na.sas.com | Third Party Advisory | |
cve@mitre.org | http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com | Patch, Third Party Advisory | |
cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 | Broken Link | |
cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 | Broken Link | |
cve@mitre.org | http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm | Third Party Advisory | |
cve@mitre.org | http://www.coresecurity.com/?action=item&id=2148 | Third Party Advisory | |
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml | Third Party Advisory | |
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:217 | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/483582/100/0/threaded | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securityfocus.com/archive/1/489135/100/0/threaded | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securityfocus.com/bid/25956 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.ubuntu.com/usn/usn-538-1 | Third Party Advisory | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA08-150A.html | Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.vupen.com/english/advisories/2007/3390 | Third Party Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0924/references | Third Party Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2008/1697 | Third Party Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2009/1462 | Third Party Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2009/1560 | Third Party Advisory | |
cve@mitre.org | https://issues.rpath.com/browse/RPL-1814 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=195261 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=307562 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2008//May/msg00001.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27093 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27284 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27405 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27529 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27629 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27746 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29420 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30161 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30430 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35302 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35386 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net&forum_name=png-mng-implement | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/message.php?msg_name=5122753600C3E94F87FBDFFCC090D1FF0400EBC5%40MERCMBX07.na.sas.com | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.coresecurity.com/?action=item&id=2148 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:217 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483582/100/0/threaded | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489135/100/0/threaded | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25956 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-538-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA08-150A.html | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3390 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0924/references | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1697 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1462 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1560 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1814 | Broken Link |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | < 1.0.29 | |
libpng | libpng | >= 1.2.0, < 1.2.21 | |
canonical | ubuntu_linux | 6.06 | |
canonical | ubuntu_linux | 6.10 | |
canonical | ubuntu_linux | 7.04 | |
canonical | ubuntu_linux | 7.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "62BE52C6-6754-426A-894E-30900436A362", "versionEndExcluding": "1.0.29", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "33EB15A8-33D5-4F15-A08B-C5586D53155F", "versionEndExcluding": "1.2.21", "versionStartIncluding": "1.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image." }, { "lang": "es", "value": "pngrtran.c en libpng anterior a 1.0.29 y 1.2.x anterior a 1.2.21 utiliza (1) operaciones l\u00f3gicas en vez de operaci\u00f3n sobre bits y (2) comparaciones incorrectas, lo cual podr\u00eda permitir a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante una imagen PNG manipulada artesanalmente." 
} ], "id": "CVE-2007-5268", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-08T21:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195261" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27093" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27284" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27405" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27529" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://secunia.com/advisories/27629" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27746" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29420" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/30161" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/30430" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35302" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35386" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net\u0026forum_name=png-mng-implement" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=5122753600C3E94F87FBDFFCC090D1FF0400EBC5%40MERCMBX07.na.sas.com" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "source": "cve@mitre.org", "tags": [ "Third Party 
Advisory" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/25956" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-538-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/3390" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://issues.rpath.com/browse/RPL-1814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory" ], "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27746" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/30161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://secunia.com/advisories/30430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net\u0026forum_name=png-mng-implement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=5122753600C3E94F87FBDFFCC090D1FF0400EBC5%40MERCMBX07.na.sas.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/25956" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-538-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/3390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://issues.rpath.com/browse/RPL-1814" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of libpng and libpng10 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2007-10-16T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-14 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html | ||
cve@mitre.org | http://sourceforge.net/p/libpng/bugs/244/ | ||
cve@mitre.org | http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/ | ||
cve@mitre.org | http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/ | Patch | |
cve@mitre.org | http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/ | Patch | |
cve@mitre.org | http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/ | Patch | |
cve@mitre.org | http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/ | Patch | |
cve@mitre.org | http://www.debian.org/security/2016/dsa-3443 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/12/10/6 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/12/10/7 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/12/11/1 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/12/11/2 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/12/17/10 | ||
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/80592 | ||
cve@mitre.org | https://access.redhat.com/errata/RHSA-2016:1430 | ||
cve@mitre.org | https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | ||
cve@mitre.org | https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | ||
cve@mitre.org | https://security.gentoo.org/glsa/201611-08 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/p/libpng/bugs/244/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/ | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/ | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/ | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/ | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3443 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/12/10/6 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/12/10/7 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/12/11/1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/12/11/2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/12/17/10 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/80592 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:1430 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201611-08 |
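Impacted products
Note: the Version column omits the CPE update qualifier. A version listed twice is one release entry plus one pre-release entry (devel, beta, betas or rc01) in the configurations data below; 1.5.0, 1.5.3 and 1.5.10 appear there only as beta entries.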
Vendor | Product | Version | |
---|---|---|---|
redhat | enterprise_linux_desktop_supplementary | 5.0 | |
redhat | enterprise_linux_desktop_supplementary | 6.0 | |
redhat | enterprise_linux_hpc_node | 6.0 | |
redhat | enterprise_linux_server_supplementary | 5.0 | |
redhat | enterprise_linux_server_supplementary | 6.0 | |
redhat | enterprise_linux_workstation_supplementary | 6.0 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.4 | |
libpng | libpng | 1.2.5 | |
libpng | libpng | 1.2.6 | |
libpng | libpng | 1.2.7 | |
libpng | libpng | 1.2.8 | |
libpng | libpng | 1.2.9 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.12 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.16 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.18 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.27 | |
libpng | libpng | 1.2.28 | |
libpng | libpng | 1.2.29 | |
libpng | libpng | 1.2.30 | |
libpng | libpng | 1.2.31 | |
libpng | libpng | 1.2.32 | |
libpng | libpng | 1.2.33 | |
libpng | libpng | 1.2.34 | |
libpng | libpng | 1.2.35 | |
libpng | libpng | 1.2.36 | |
libpng | libpng | 1.2.37 | |
libpng | libpng | 1.2.38 | |
libpng | libpng | 1.2.39 | |
libpng | libpng | 1.2.40 | |
libpng | libpng | 1.2.41 | |
libpng | libpng | 1.2.42 | |
libpng | libpng | 1.2.43 | |
libpng | libpng | 1.2.43 | |
libpng | libpng | 1.2.44 | |
libpng | libpng | 1.2.45 | |
libpng | libpng | 1.2.45 | |
libpng | libpng | 1.2.46 | |
libpng | libpng | 1.2.46 | |
libpng | libpng | 1.2.47 | |
libpng | libpng | 1.2.47 | |
libpng | libpng | 1.2.48 | |
libpng | libpng | 1.2.48 | |
libpng | libpng | 1.2.49 | |
libpng | libpng | 1.2.50 | |
libpng | libpng | 1.2.51 | |
libpng | libpng | 1.2.52 | |
libpng | libpng | 1.2.53 | |
libpng | libpng | 1.2.54 | |
libpng | libpng | 1.2.55 | |
libpng | libpng | 1.1.1 | |
libpng | libpng | 1.0.0 | |
libpng | libpng | 1.0.1 | |
libpng | libpng | 1.0.2 | |
libpng | libpng | 1.0.3 | |
libpng | libpng | 1.0.5 | |
libpng | libpng | 1.0.6 | |
libpng | libpng | 1.0.7 | |
libpng | libpng | 1.0.8 | |
libpng | libpng | 1.0.9 | |
libpng | libpng | 1.0.10 | |
libpng | libpng | 1.0.11 | |
libpng | libpng | 1.0.12 | |
libpng | libpng | 1.0.13 | |
libpng | libpng | 1.0.14 | |
libpng | libpng | 1.0.15 | |
libpng | libpng | 1.0.16 | |
libpng | libpng | 1.0.17 | |
libpng | libpng | 1.0.18 | |
libpng | libpng | 1.0.19 | |
libpng | libpng | 1.0.20 | |
libpng | libpng | 1.0.21 | |
libpng | libpng | 1.0.22 | |
libpng | libpng | 1.0.23 | |
libpng | libpng | 1.0.24 | |
libpng | libpng | 1.0.25 | |
libpng | libpng | 1.0.26 | |
libpng | libpng | 1.0.27 | |
libpng | libpng | 1.0.28 | |
libpng | libpng | 1.0.29 | |
libpng | libpng | 1.0.30 | |
libpng | libpng | 1.0.31 | |
libpng | libpng | 1.0.32 | |
libpng | libpng | 1.0.33 | |
libpng | libpng | 1.0.34 | |
libpng | libpng | 1.0.35 | |
libpng | libpng | 1.0.37 | |
libpng | libpng | 1.0.38 | |
libpng | libpng | 1.0.39 | |
libpng | libpng | 1.0.40 | |
libpng | libpng | 1.0.41 | |
libpng | libpng | 1.0.42 | |
libpng | libpng | 1.0.43 | |
libpng | libpng | 1.0.44 | |
libpng | libpng | 1.0.45 | |
libpng | libpng | 1.0.46 | |
libpng | libpng | 1.0.47 | |
libpng | libpng | 1.0.48 | |
libpng | libpng | 1.0.50 | |
libpng | libpng | 1.0.51 | |
libpng | libpng | 1.0.52 | |
libpng | libpng | 1.0.53 | |
libpng | libpng | 1.0.54 | |
libpng | libpng | 1.0.55 | |
libpng | libpng | 1.0.55 | |
libpng | libpng | 1.0.56 | |
libpng | libpng | 1.0.56 | |
libpng | libpng | 1.0.57 | |
libpng | libpng | 1.0.57 | |
libpng | libpng | 1.0.58 | |
libpng | libpng | 1.0.59 | |
libpng | libpng | 1.0.60 | |
libpng | libpng | 1.0.61 | |
libpng | libpng | 1.0.62 | |
libpng | libpng | 1.0.63 | |
libpng | libpng | 1.0.64 | |
libpng | libpng | 1.0.65 | |
fedoraproject | fedora | 23 | |
debian | debian_linux | 6.0 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.1 | |
libpng | libpng | 1.4.2 | |
libpng | libpng | 1.4.3 | |
libpng | libpng | 1.4.4 | |
libpng | libpng | 1.4.5 | |
libpng | libpng | 1.4.6 | |
libpng | libpng | 1.4.7 | |
libpng | libpng | 1.4.8 | |
libpng | libpng | 1.4.9 | |
libpng | libpng | 1.4.10 | |
libpng | libpng | 1.4.11 | |
libpng | libpng | 1.4.12 | |
libpng | libpng | 1.4.13 | |
libpng | libpng | 1.4.14 | |
libpng | libpng | 1.4.15 | |
libpng | libpng | 1.4.16 | |
libpng | libpng | 1.4.17 | |
libpng | libpng | 1.4.18 | |
libpng | libpng | 0.90 | |
libpng | libpng | 0.95 | |
libpng | libpng | 0.96 | |
libpng | libpng | 0.97 | |
libpng | libpng | 0.98 | |
libpng | libpng | 0.99 | |
libpng | libpng | 1.5.0 | |
libpng | libpng | 1.5.1 | |
libpng | libpng | 1.5.1 | |
libpng | libpng | 1.5.2 | |
libpng | libpng | 1.5.2 | |
libpng | libpng | 1.5.3 | |
libpng | libpng | 1.5.4 | |
libpng | libpng | 1.5.4 | |
libpng | libpng | 1.5.5 | |
libpng | libpng | 1.5.5 | |
libpng | libpng | 1.5.6 | |
libpng | libpng | 1.5.6 | |
libpng | libpng | 1.5.7 | |
libpng | libpng | 1.5.7 | |
libpng | libpng | 1.5.8 | |
libpng | libpng | 1.5.8 | |
libpng | libpng | 1.5.9 | |
libpng | libpng | 1.5.9 | |
libpng | libpng | 1.5.10 | |
libpng | libpng | 1.5.11 | |
libpng | libpng | 1.5.11 | |
libpng | libpng | 1.5.12 | |
libpng | libpng | 1.5.13 | |
libpng | libpng | 1.5.13 | |
libpng | libpng | 1.5.14 | |
libpng | libpng | 1.5.15 | |
libpng | libpng | 1.5.16 | |
libpng | libpng | 1.5.17 | |
libpng | libpng | 1.5.18 | |
libpng | libpng | 1.5.19 | |
libpng | libpng | 1.5.20 | |
libpng | libpng | 1.5.21 | |
libpng | libpng | 1.5.22 | |
libpng | libpng | 1.5.23 | |
libpng | libpng | 1.5.24 | |
libpng | libpng | 1.5.25 | |
libpng | libpng | 1.3.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC2EDDE6-49F2-41D3-BCB2-F49886A2A170", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8C6E104-EDBC-481E-85B8-D39ED2058D39", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB3FB071-FCCC-4425-AFBF-77287C1B8F7B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B74C62D-4A6D-4A4F-ADF6-A508322CD447", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E89B38A-3697-46DD-BB3F-E8D2373588BE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C036011A-9AE1-423C-8B73-188B9BA20FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "663C6EE5-5B5E-4C0F-9E7F-D0E1DA9AF9EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "8051459E-94D3-4D4A-9D40-CC9475DDB00C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "42056C63-69A7-43CF-828C-0C3E365702D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "5B6A39A3-7F86-4DC3-B248-859630AFB9A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "58377AE3-1C13-4C3F-BC55-8336DAEEF97F", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:libpng:libpng:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "005C2DA4-D00E-4206-851E-9226D66B5F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "97B17602-0D97-469B-A9B1-30AAC8F758F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "857B664A-C6F9-45E3-93EA-C0F53CEF5C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "6DFDA458-74E8-4DEF-B524-A4A8672CB66A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A3E3BF3-4376-4692-A515-A7B6593F28F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "AB6AF9D5-CE60-4FC9-91AB-E243F0D429E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "3B1AC712-110D-458F-B650-930C6D45CA53", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "7F848FA5-9682-454F-A9DE-671C4401F15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "C4B83678-98A1-440E-950C-4A27995C7294", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "FB9EEE31-479A-4370-BF00-C26C1AF502B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "95EABD7D-1F18-4FA5-BAA9-F8D69129E531", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "65B836CA-3740-48B0-966B-21E65EF3D636", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "3988FA1B-18D9-46AA-87BA-A6B01D4F4B25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "51A46409-7AC6-45DB-B92D-29988C445BC1", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "09E2B608-6C70-446F-A3A7-369048D99855", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "5AA00AE0-F447-4361-AA37-0C98BDE491E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "21DACE94-FBDC-4A3D-8DD6-E62D18F5EE7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*", "matchCriteriaId": "220A02AF-6ADA-4B75-BC81-40B2D847029A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "ECEB8F61-195E-41DE-90CE-22854055E9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*", "matchCriteriaId": "D0F72B91-1F7F-41EB-ABC8-1B50AFEC70EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "111091B9-CBAE-4FC7-8B97-7D2345BFCB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*", "matchCriteriaId": "54C6D9D3-50B2-4A63-B3D1-C76C70F4443E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*", "matchCriteriaId": "4110AA74-C69D-45BC-A630-9EE3A2036BD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*", "matchCriteriaId": "F2DEFD05-10EE-4242-B885-FD1B0DF6CAA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "1CAA1090-C1C7-43A2-BD44-065572D226B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*", "matchCriteriaId": "2FD92305-91BF-4984-A029-8FA83CBF1A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*", "matchCriteriaId": "F9F9A6DB-19BF-4798-879E-9BD4AD5EFF2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*", "matchCriteriaId": "31EE280F-D76D-478B-ADD6-D5F2C7574A2F", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*", "matchCriteriaId": "747314F7-A515-41FF-8095-62A9F05F0DEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*", "matchCriteriaId": "C1BE9ED0-685B-41F0-A984-D33E7034AEA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.36:*:*:*:*:*:*:*", "matchCriteriaId": "E3F6AD99-7697-47E5-8301-723C16535C76", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*", "matchCriteriaId": "07B00AD3-D13C-45B5-A13A-9092D40F4A63", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*", "matchCriteriaId": "14222EA8-E8ED-4818-ACB4-C6A13643F210", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*", "matchCriteriaId": "A22C28DD-5C99-4722-9093-A1E82A2C2808", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.40:*:*:*:*:*:*:*", "matchCriteriaId": "93714B71-6331-4F5A-A12A-B4B80CA2FEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*", "matchCriteriaId": "10CD562E-1F06-4779-A29C-4069E3C86B16", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*", "matchCriteriaId": "4D83D507-64AF-4158-97B9-1353E2F8EE46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.43:*:*:*:*:*:*:*", "matchCriteriaId": "BC5E39EA-C32E-4E87-9A3F-CCB5144F0E68", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.43:devel:*:*:*:*:*:*", "matchCriteriaId": "61B9103F-CD72-4F06-BED1-7AE4AB9E672C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*", "matchCriteriaId": "0DF6249D-5AA8-4EA3-A92A-0E492FE5B811", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*", "matchCriteriaId": "CDE7F259-40A2-4866-8EF8-44A9913EC4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.45:devel:*:*:*:*:*:*", "matchCriteriaId": "CFA3EED5-F0AB-4C5C-92D7-B84BFDAA31AE", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*", "matchCriteriaId": "03C20A42-6A77-43D4-80D7-332BB2DF1B66", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.46:devel:*:*:*:*:*:*", "matchCriteriaId": "8A0A1B56-0E92-4E81-9B2C-4F9B9D5833EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*", "matchCriteriaId": "D4CC5DBB-249B-4EED-9F54-E23CB1919ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.47:beta:*:*:*:*:*:*", "matchCriteriaId": "C10D9119-0FF8-4DFE-8632-A14D9C83CC9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.48:*:*:*:*:*:*:*", "matchCriteriaId": "088A1BDB-BB1A-46B5-898B-23311DE27CE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.48:betas:*:*:*:*:*:*", "matchCriteriaId": "C24CA735-6EA6-41E3-A82D-D443BB47806B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.49:*:*:*:*:*:*:*", "matchCriteriaId": "6CBAA828-F42A-420F-B17E-6FACF6CD483D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "D20664A4-4816-4F57-82BB-F4116FA33A41", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*", "matchCriteriaId": "64226521-0723-4259-B214-0D2A35CF5FBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*", "matchCriteriaId": "6ABEEBFE-A8C8-40D4-97D8-F06676E67478", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.53:*:*:*:*:*:*:*", "matchCriteriaId": "47831D80-33AC-4A13-B92D-3D2CBF215955", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.54:*:*:*:*:*:*:*", "matchCriteriaId": "7ED428C8-E6AB-4BB1-BE7D-543B2A19410F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.55:*:*:*:*:*:*:*", "matchCriteriaId": "00EFBF77-B771-4A52-B4FF-6346F4B69968", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:a:libpng:libpng:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB9D7121-F80E-4F17-A55B-4E404B87B823", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D6B3DAF-DF99-48B2-8E7C-BE8E043D4C24", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "29050958-EFD8-4A79-9022-EF72AAD4EDB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3CB33B1-71B2-4235-A2C1-FCAEA9844A6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "436F8C71-1780-4DC6-937B-8F1F51C7453D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0BF2C6F3-BFE7-4234-9975-DE7FCDA26A46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5B79DC5F-5062-4031-BA11-746EE3C8E1CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CAD6DE25-8B2F-4DB9-9969-8AAC23BC0AE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "35F2B503-1516-465D-A558-9932BDB3457D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "BA94EAAA-A4D2-4E36-BC69-BBE9644FE970", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "F3A7C96C-8FBB-42B4-937E-3321C939CC87", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "94084356-D39B-41B2-AC24-0ADAD0BF5988", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "086C6335-7872-46A7-AEB1-9BE5AE5A788C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": 
"FF8233B1-04A0-4E25-97EE-CF466B48A12E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "FA714E7E-05EF-4598-9324-887BC66C675E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "C5CF3B73-D3B9-4D76-B411-C837BCE0806E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "D1752D91-3468-4E22-B60F-6789B3CBD7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "F433AA7E-A780-4D45-AD1A-5A4CE1F3FCD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "93E210A7-489B-4EA7-A840-599523157DD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "B37565FA-72F5-4063-8D7A-97BC269F020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "BC8FA821-818E-4BC7-834B-94EB5C042390", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "F3FBF3D3-95A6-4869-8A69-F0E5ECA40220", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "D07785D0-E995-4208-AB8C-43B320D291F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "152DDD6E-CF56-4E1C-BE4D-C7BC0FD9B08C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "19BBA666-4473-4C6D-BF48-34EF3F09AD7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "B7DDF6CC-7997-47E7-96D3-8DC10F1D17F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "A1926DD0-0A9B-4F9D-BB4F-AC7AB0B3F0E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.27:*:*:*:*:*:*:*", 
"matchCriteriaId": "2763A6C7-DBBA-4E2A-917C-B6FF524B9891", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "E7DECDF8-7742-4D58-99FA-100A01748B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "CA4FD3B1-3A68-4122-AA50-31BFC6C50408", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "45790331-CE26-457F-8649-F027703E73EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "0B0BFE2D-5C7B-42E0-B783-8C5907CA8635", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "7CD993C1-70B6-4ACB-B958-94E7EF973A8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "C085686C-A0AA-4F56-9E7D-B5CB24B890D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "D02A5197-06B9-469E-9817-45BB23324042", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "5EB6BE37-E564-4E42-BE39-36DD301C37A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "314209F2-E0A0-4045-8108-8E7215312442", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "11A8ECBB-7E50-4447-88E2-893C1466C251", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "8B8F24A5-F5C3-495F-9AF0-2EE836E0147A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "46DE2DE3-F081-4B80-A4DA-C5AB27B3CA8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "71EF1D77-7838-47DF-B6A2-DBBAC0058FED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "76BA4FEA-FEB4-47A9-9DFF-A233CEE03D04", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.43:*:*:*:*:*:*:*", "matchCriteriaId": "60DB5A63-E89E-48AB-A846-107EBEC71D67", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.44:*:*:*:*:*:*:*", "matchCriteriaId": "2181FEEB-D07E-490C-9953-3490D87B63A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.45:*:*:*:*:*:*:*", "matchCriteriaId": "36DC41DD-A291-4ECE-84B9-574828AA2A80", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.46:*:*:*:*:*:*:*", "matchCriteriaId": "015D1E36-17A1-4413-B1FB-5DF4C36712BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.47:*:*:*:*:*:*:*", "matchCriteriaId": "F64CE8F2-22B1-43F8-8934-CBCD2EFBA85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.48:*:*:*:*:*:*:*", "matchCriteriaId": "CEB15BE8-1B88-4117-AF14-3AA2B54DB323", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "A2CB2728-4CC7-46EA-809B-450A9BB9F884", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "96638963-D264-49AD-9B77-497C3DA23DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.52:*:*:*:*:*:*:*", "matchCriteriaId": "88544BBE-29A1-4622-B3E6-FA4B891A9B5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.53:*:*:*:*:*:*:*", "matchCriteriaId": "DD658D98-9A4D-4DC2-A935-BB3BF0E0FB2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.54:*:*:*:*:*:*:*", "matchCriteriaId": "FFF819AF-AC11-4BD9-A070-572836A65FB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.55:*:*:*:*:*:*:*", "matchCriteriaId": "2EEAC62D-BF2B-40DF-9428-FFBF7CA09471", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.55:rc01:*:*:*:*:*:*", "matchCriteriaId": "27DFAB04-5C5C-4366-B3FC-C83AAB807F0B", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:libpng:libpng:1.0.56:*:*:*:*:*:*:*", "matchCriteriaId": "36327723-F953-4BD3-A525-930DDCF7931D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.56:devel:*:*:*:*:*:*", "matchCriteriaId": "36F717B1-CC02-4878-9A78-1584074E81C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.57:*:*:*:*:*:*:*", "matchCriteriaId": "7D482811-2EF1-47AE-A41C-7532AC6DEF31", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.57:rc01:*:*:*:*:*:*", "matchCriteriaId": "FF26AB67-81F8-4CD2-8E28-BDF9FE2CD58F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.58:*:*:*:*:*:*:*", "matchCriteriaId": "2D0EE98D-0596-4147-9EC4-F3616BF2B901", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.59:*:*:*:*:*:*:*", "matchCriteriaId": "62F15027-0E80-48B7-9ECD-9E7228F0E81B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "99904D7E-0046-4481-99B6-01710D4FC848", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.61:*:*:*:*:*:*:*", "matchCriteriaId": "8AB33B4E-E69A-4002-816C-24CCD49682F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.62:*:*:*:*:*:*:*", "matchCriteriaId": "42A4FAF1-4B81-47C4-BFB7-6052524A2DA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "686A50C3-93E1-4C3F-8089-322BE26E6317", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.64:*:*:*:*:*:*:*", "matchCriteriaId": "BBD67FEF-E6D3-449B-B2E9-14A69AD8E923", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.65:*:*:*:*:*:*:*", "matchCriteriaId": "BD8B4549-007C-4572-86D9-F51A7B3FC586", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { 
"cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "52D5DAA1-3632-48D7-A657-4A4C83A119D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB5AE8E0-3C11-4EE1-A599-4D70C6A13F1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "6AD36C3B-3C02-488B-B480-EA091D702CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "59BAD272-D4B6-40CE-B5E9-63145E12B638", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "5EEB311C-766D-4070-A0BE-9CE4593C8F49", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C185BF59-68E4-49F8-802F-C06FE840FF3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "5C399B31-B8EC-41C4-B6AB-83BABC474374", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "3B00AF5F-D4F5-490C-8BF4-2B33EFBF15A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "BA9AEB1D-0AA7-4842-9CF9-91BFD8B58A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "09150152-5DEA-4FA2-9163-63EAF4D83DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "45E5068A-42BE-478B-8C00-FE23B7837DC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "023CCFB0-7995-408E-928A-76C5BD9B4924", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.12:*:*:*:*:*:*:*", 
"matchCriteriaId": "493F615D-DB81-48B3-9E74-C32544A01372", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "D2F12925-44F7-4790-8A06-345EB3DCCB71", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "7F5BF226-D62F-4F54-B771-EB108FD256FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "D2EDBFCB-96DA-4A36-873A-3164975BE997", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "ACDB15BE-BDD2-4210-B224-A520E8DC7D89", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "70D3AD38-CCE7-47E6-8225-C0BFC3F10E4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "4D176C8F-C91F-47C8-AEC8-377324944421", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "4EF125DE-6BD1-4640-9710-6EE69CD8A871", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "DE45B563-07B8-4F4E-80B4-C73216DF7295", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "0303A619-21BE-49DD-8C08-F04DFB31FC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.97:*:*:*:*:*:*:*", "matchCriteriaId": "197C2166-FCB7-467B-ABF1-E30E7DBD8816", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "663DD631-661D-48FA-A090-A18536BA284A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "1AEDED41-716C-4D7F-9D18-FF4672F51C67", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.5.0:beta:*:*:*:*:*:*", 
"matchCriteriaId": "C8BA2974-AF9F-4382-B443-F54354B5623A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE8BC209-45B9-44D6-A26D-0B570ED5BB19", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:beta:*:*:*:*:*:*", "matchCriteriaId": "468B1A0E-AF58-42C4-9801-D6F83F283360", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "6644ED2F-66F3-469D-8233-72FE7321E850", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:beta:*:*:*:*:*:*", "matchCriteriaId": "B36D610D-F86A-4D46-B0F2-884FFA601C69", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.3:beta:*:*:*:*:*:*", "matchCriteriaId": "C8A976DD-87FA-425D-8E07-E3CFC4D3FD05", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "3F34978D-6ABE-463E-AB48-21CC55B7D157", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:beta:*:*:*:*:*:*", "matchCriteriaId": "3716FF0E-AD20-46F8-B8F6-3EC42D427C90", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A4568BB-F5FF-4BBB-9DA3-E66C2BFA2416", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:beta:*:*:*:*:*:*", "matchCriteriaId": "E5300EC4-B3A0-42C5-8D39-67AB75C47153", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "246CF13F-FDC1-499E-9FC1-5624D54E9E3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:beta:*:*:*:*:*:*", "matchCriteriaId": "D5840A8E-AB64-40A9-8BB6-EB6BA51D40B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AC66FD43-421B-4223-BA32-EC47B51E1091", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.7:beta:*:*:*:*:*:*", "matchCriteriaId": "EEC9D57C-47F2-4773-85B6-FFB0C4681E0C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F0F5664B-5AB9-4DE4-99AA-8FD32DBA4A4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.8:beta:*:*:*:*:*:*", "matchCriteriaId": "5CD1C8E6-DF35-47F7-877F-001AD62B57CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "C7712376-D776-4814-A041-FBFEAC70ADC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.9:beta:*:*:*:*:*:*", "matchCriteriaId": "DF69B34E-F7FB-4F4C-AF7D-ACD165B1233B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.10:beta:*:*:*:*:*:*", "matchCriteriaId": "F7CC2E64-E48C-4DE6-892D-06A0B806A51B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "65DEDF02-9239-497C-94DB-DAF80B6B4F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.11:beta:*:*:*:*:*:*", "matchCriteriaId": "5BE62DB2-664D-4E0A-840F-09D13E41704A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "8CAAECD8-0C16-40CC-BA8A-97DF38BAF668", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "84D9B3E6-D32D-4E4B-908A-39FAC3D5F618", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.13:beta:*:*:*:*:*:*", "matchCriteriaId": "561D5D7A-1933-4A6D-940E-8DD035AA31B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.14:*:*:*:*:*:*:*", "matchCriteriaId": "8F2DB1EF-B961-4C56-8519-242419B6AB9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "2BDE2351-2B17-4C1A-A625-6C7DE691039A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "5426F3F0-CF21-45D4-9071-F8F7865A7619", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "25147E8F-7385-4393-BE21-E3347610F003", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:libpng:libpng:1.5.18:*:*:*:*:*:*:*", "matchCriteriaId": "19C06F50-7C48-4FD6-B0C9-6C9B643742B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.19:*:*:*:*:*:*:*", "matchCriteriaId": "DA562433-F6F5-46C1-98DE-8309BD940260", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.20:beta:*:*:*:*:*:*", "matchCriteriaId": "61FBBD3D-E216-46D3-9D12-6D3732B75E30", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.21:*:*:*:*:*:*:*", "matchCriteriaId": "5AB9178D-DEEF-4D2C-9347-F553312129C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.22:*:*:*:*:*:*:*", "matchCriteriaId": "3157A738-20EB-4BE0-A58B-E21DDA64EDC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.23:*:*:*:*:*:*:*", "matchCriteriaId": "6D70C6B1-2360-48C9-931D-BAED79151DF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.24:*:*:*:*:*:*:*", "matchCriteriaId": "29F79896-3EF0-4F53-8EBC-66D811E2C315", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.25:*:*:*:*:*:*:*", "matchCriteriaId": "E2C8AE4F-0473-4B52-8DB4-31022057FD71", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "41D423E1-A542-4E8C-8ABF-B0B0B0C27DD5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read." 
}, { "lang": "es", "value": "Desbordamiento inferior de entero en la funci\u00f3n png_check_keyword en pngwutil.c en libpng 0.90 hasta la versi\u00f3n 0.99, 1.0.x en versiones anteriores a 1.0.66, 1.1.x y 1.2.x en versiones anteriores a 1.2.56, 1.3.x y 1.4.x en versiones anteriores a 1.4.19 y 1.5.x en versiones anteriores a 1.5.26 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de un car\u00e1cter de espacio como contrase\u00f1a en una imagen PNG, lo que desencadena una lectura fuera de rango." } ], "id": "CVE-2015-8540", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-14T14:59:03.287", "references": [ { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/p/libpng/bugs/244/" }, { "source": "cve@mitre.org", "url": 
"http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3443" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/12/10/6" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/12/10/7" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/12/11/1" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/12/11/2" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/12/17/10" }, { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/80592" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201611-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/p/libpng/bugs/244/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.66/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.56/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.19/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.26/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/12/10/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/12/10/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/12/11/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/12/11/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/12/17/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/80592" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201611-08" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-11 05:29
Modified
2024-11-21 04:45
Severity ?
Summary
png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/glennrp/libpng/issues/269 | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/glennrp/libpng/issues/269 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.6.36:*:*:*:*:*:*:*", "matchCriteriaId": "F9E98605-E9D5-4A8A-8858-C4AF1236AB6D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated \"I don\u0027t think it is libpng\u0027s job to free this buffer." }, { "lang": "es", "value": "** EN DISPUTA ** png_create_info_struct en png.c en libpng 1.6.36 tiene una fuga de memoria, tal y como queda demostrado con pngcp. NOTA: un tercero ha declarado \"No creo que sea tarea de libpng liberar este b\u00fafer.\"" } ], "id": "CVE-2019-6129", "lastModified": "2024-11-21T04:45:59.763", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-11T05:29:01.640", "references": [ 
{ "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/glennrp/libpng/issues/269" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/glennrp/libpng/issues/269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-401" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-08 21:17
Modified
2025-04-09 00:30
Severity ?
Summary
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) zTXt (png_handle_zTXt) chunking in PNG images, which trigger out-of-bounds read operations.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html | ||
cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=195261 | ||
cve@mitre.org | http://docs.info.apple.com/article.html?artnum=307562 | ||
cve@mitre.org | http://lists.apple.com/archives/security-announce/2008//May/msg00001.html | ||
cve@mitre.org | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | ||
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | ||
cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | ||
cve@mitre.org | http://secunia.com/advisories/27093 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/27284 | ||
cve@mitre.org | http://secunia.com/advisories/27369 | ||
cve@mitre.org | http://secunia.com/advisories/27391 | ||
cve@mitre.org | http://secunia.com/advisories/27405 | ||
cve@mitre.org | http://secunia.com/advisories/27492 | ||
cve@mitre.org | http://secunia.com/advisories/27529 | ||
cve@mitre.org | http://secunia.com/advisories/27629 | ||
cve@mitre.org | http://secunia.com/advisories/27662 | ||
cve@mitre.org | http://secunia.com/advisories/27746 | ||
cve@mitre.org | http://secunia.com/advisories/27965 | ||
cve@mitre.org | http://secunia.com/advisories/29420 | ||
cve@mitre.org | http://secunia.com/advisories/30161 | ||
cve@mitre.org | http://secunia.com/advisories/30430 | ||
cve@mitre.org | http://secunia.com/advisories/31712 | ||
cve@mitre.org | http://secunia.com/advisories/31713 | ||
cve@mitre.org | http://secunia.com/advisories/34388 | ||
cve@mitre.org | http://secunia.com/advisories/35302 | ||
cve@mitre.org | http://secunia.com/advisories/35386 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
cve@mitre.org | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323 | ||
cve@mitre.org | http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net&forum_name=png-mng-implement | Patch | |
cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 | ||
cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 | ||
cve@mitre.org | http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm | ||
cve@mitre.org | http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm | ||
cve@mitre.org | http://www.coresecurity.com/?action=item&id=2148 | ||
cve@mitre.org | http://www.debian.org/security/2009/dsa-1750 | ||
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml | ||
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:217 | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_25_sr.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-0992.html | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/483582/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/489135/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/25956 | ||
cve@mitre.org | http://www.securityfocus.com/bid/28276 | ||
cve@mitre.org | http://www.securitytracker.com/id?1018849 | ||
cve@mitre.org | http://www.ubuntu.com/usn/usn-538-1 | ||
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA08-150A.html | US Government Resource | |
cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | ||
cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | ||
cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | ||
cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | ||
cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | ||
cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | ||
cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | ||
cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/3390 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0905/references | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0924/references | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/1697 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/1462 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/1560 | ||
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=327791 | ||
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=337461 | ||
cve@mitre.org | https://issues.rpath.com/browse/RPL-1814 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10614 | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=195261 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=307562 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2008//May/msg00001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27093 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27284 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27369 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27391 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27405 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27492 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27529 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27629 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27662 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27746 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27965 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29420 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30161 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30430 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31712 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31713 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34388 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35302 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35386 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net&forum_name=png-mng-implement | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.coresecurity.com/?action=item&id=2148 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1750 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:217 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_25_sr.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0992.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483582/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489135/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25956 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28276 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018849 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-538-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA08-150A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3390 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0905/references | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0924/references | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1697 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1462 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1560 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=327791 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=337461 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1814 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10614 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B2AD32F-9721-471D-97C9-4A3AB6463DF4", "versionEndIncluding": "1.2.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "E7DECDF8-7742-4D58-99FA-100A01748B05", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations." }, { "lang": "es", "value": "Determinados manejadores de fragmentos en libpng anterior a 1.0.29 y 1.2.x anterior a 1.2.21 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante fragmentaci\u00f3n manipulada (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), y (5) ztXT (png_handle_ztXt) en im\u00e1genes PNG, lo cual dispara operaciones de lectura fuera de l\u00edmite." 
} ], "id": "CVE-2007-5269", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-08T21:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=195261" }, { "source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html" }, { "source": "cve@mitre.org", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27093" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27284" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27369" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27391" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27405" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27492" }, { "source": "cve@mitre.org", "url": 
"http://secunia.com/advisories/27529" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27629" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27662" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27746" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27965" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29420" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30161" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30430" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31712" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31713" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34388" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35302" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35386" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" }, { "source": "cve@mitre.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net\u0026forum_name=png-mng-implement" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm" }, { "source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "source": "cve@mitre.org", "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "source": "cve@mitre.org", "url": 
"http://www.debian.org/security/2009/dsa-1750" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0992.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25956" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28276" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018849" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-538-1" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "source": "cve@mitre.org", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" }, { "source": "cve@mitre.org", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html" }, { "source": "cve@mitre.org", "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" }, { "source": "cve@mitre.org", "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" }, { "source": "cve@mitre.org", "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" }, { "source": "cve@mitre.org", "url": 
"http://www.vmware.com/support/server/doc/releasenotes_server.html" }, { "source": "cve@mitre.org", "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" }, { "source": "cve@mitre.org", "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3390" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0905/references" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2466" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=327791" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=337461" }, { "source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-1814" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10614" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=195261" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=307562" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27391" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27492" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27662" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27746" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27965" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30161" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net\u0026forum_name=png-mng-implement" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.coresecurity.com/?action=item\u0026id=2148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0992.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25956" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28276" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-538-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.vmware.com/support/player/doc/releasenotes_player.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0905/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0924/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1560" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=327791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=337461" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10614" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-21 15:59
Modified
2025-04-12 10:46
Summary
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html | ||
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html | ||
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html | ||
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html | ||
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2015-2594.html | ||
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2015-2595.html | ||
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2015-2596.html | ||
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2016-0055.html | ||
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2016-0056.html | ||
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2016-0057.html | ||
cve@mitre.org | http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/ | ||
cve@mitre.org | http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/ | ||
cve@mitre.org | http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/ | ||
cve@mitre.org | http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/ | ||
cve@mitre.org | http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/ | ||
cve@mitre.org | http://www.debian.org/security/2016/dsa-3443 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/12/03/6 | ||
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | Vendor Advisory | |
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/78624 | ||
cve@mitre.org | https://access.redhat.com/errata/RHSA-2016:1430 | ||
cve@mitre.org | https://kc.mcafee.com/corporate/index?page=content&id=SB10148 | ||
cve@mitre.org | https://support.apple.com/HT206167 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2015-2594.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2015-2595.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2015-2596.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-0055.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-0056.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-0057.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3443 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/12/03/6 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/78624 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:1430 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://kc.mcafee.com/corporate/index?page=content&id=SB10148 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206167 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apple | mac_os_x | * | |
libpng | libpng | 1.0.64 | |
libpng | libpng | 1.2.0 | |
libpng | libpng | 1.2.1 | |
libpng | libpng | 1.2.2 | |
libpng | libpng | 1.2.3 | |
libpng | libpng | 1.2.4 | |
libpng | libpng | 1.2.10 | |
libpng | libpng | 1.2.11 | |
libpng | libpng | 1.2.12 | |
libpng | libpng | 1.2.13 | |
libpng | libpng | 1.2.14 | |
libpng | libpng | 1.2.15 | |
libpng | libpng | 1.2.16 | |
libpng | libpng | 1.2.17 | |
libpng | libpng | 1.2.18 | |
libpng | libpng | 1.2.19 | |
libpng | libpng | 1.2.20 | |
libpng | libpng | 1.2.21 | |
libpng | libpng | 1.2.22 | |
libpng | libpng | 1.2.23 | |
libpng | libpng | 1.2.24 | |
libpng | libpng | 1.2.25 | |
libpng | libpng | 1.2.26 | |
libpng | libpng | 1.2.27 | |
libpng | libpng | 1.2.28 | |
libpng | libpng | 1.2.29 | |
libpng | libpng | 1.2.30 | |
libpng | libpng | 1.2.31 | |
libpng | libpng | 1.2.32 | |
libpng | libpng | 1.2.33 | |
libpng | libpng | 1.2.34 | |
libpng | libpng | 1.2.35 | |
libpng | libpng | 1.2.36 | |
libpng | libpng | 1.2.37 | |
libpng | libpng | 1.2.38 | |
libpng | libpng | 1.2.39 | |
libpng | libpng | 1.2.40 | |
libpng | libpng | 1.2.41 | |
libpng | libpng | 1.2.42 | |
libpng | libpng | 1.2.43 | |
libpng | libpng | 1.2.44 | |
libpng | libpng | 1.2.45 | |
libpng | libpng | 1.2.46 | |
libpng | libpng | 1.2.47 | |
libpng | libpng | 1.2.48 | |
libpng | libpng | 1.2.49 | |
libpng | libpng | 1.2.50 | |
libpng | libpng | 1.2.51 | |
libpng | libpng | 1.2.52 | |
libpng | libpng | 1.2.53 | |
libpng | libpng | 1.2.54 | |
libpng | libpng | 1.4.0 | |
libpng | libpng | 1.4.1 | |
libpng | libpng | 1.4.2 | |
libpng | libpng | 1.4.3 | |
libpng | libpng | 1.4.4 | |
libpng | libpng | 1.4.5 | |
libpng | libpng | 1.4.6 | |
libpng | libpng | 1.4.7 | |
libpng | libpng | 1.4.8 | |
libpng | libpng | 1.4.9 | |
libpng | libpng | 1.4.10 | |
libpng | libpng | 1.4.11 | |
libpng | libpng | 1.4.12 | |
libpng | libpng | 1.4.13 | |
libpng | libpng | 1.4.14 | |
libpng | libpng | 1.4.15 | |
libpng | libpng | 1.4.16 | |
libpng | libpng | 1.4.17 | |
libpng | libpng | 1.5.1 | |
libpng | libpng | 1.5.2 | |
libpng | libpng | 1.5.3 | |
libpng | libpng | 1.5.4 | |
libpng | libpng | 1.5.5 | |
libpng | libpng | 1.5.6 | |
libpng | libpng | 1.5.7 | |
libpng | libpng | 1.5.8 | |
libpng | libpng | 1.5.9 | |
libpng | libpng | 1.5.10 | |
libpng | libpng | 1.5.11 | |
libpng | libpng | 1.5.12 | |
libpng | libpng | 1.5.13 | |
libpng | libpng | 1.5.14 | |
libpng | libpng | 1.5.15 | |
libpng | libpng | 1.5.16 | |
libpng | libpng | 1.5.17 | |
libpng | libpng | 1.5.18 | |
libpng | libpng | 1.5.19 | |
libpng | libpng | 1.5.20 | |
libpng | libpng | 1.5.21 | |
libpng | libpng | 1.5.22 | |
libpng | libpng | 1.5.23 | |
libpng | libpng | 1.5.24 | |
libpng | libpng | 1.6.0 | |
libpng | libpng | 1.6.1 | |
libpng | libpng | 1.6.2 | |
libpng | libpng | 1.6.3 | |
libpng | libpng | 1.6.4 | |
libpng | libpng | 1.6.5 | |
libpng | libpng | 1.6.6 | |
libpng | libpng | 1.6.7 | |
libpng | libpng | 1.6.8 | |
libpng | libpng | 1.6.9 | |
libpng | libpng | 1.6.10 | |
libpng | libpng | 1.6.11 | |
libpng | libpng | 1.6.12 | |
libpng | libpng | 1.6.13 | |
libpng | libpng | 1.6.14 | |
libpng | libpng | 1.6.15 | |
libpng | libpng | 1.6.16 | |
libpng | libpng | 1.6.17 | |
libpng | libpng | 1.6.18 | |
libpng | libpng | 1.6.19 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82", "versionEndIncluding": "10.11.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:1.0.64:*:*:*:*:*:*:*", "matchCriteriaId": "BBD67FEF-E6D3-449B-B2E9-14A69AD8E923", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C036011A-9AE1-423C-8B73-188B9BA20FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "663C6EE5-5B5E-4C0F-9E7F-D0E1DA9AF9EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "8051459E-94D3-4D4A-9D40-CC9475DDB00C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "42056C63-69A7-43CF-828C-0C3E365702D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "5B6A39A3-7F86-4DC3-B248-859630AFB9A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A3E3BF3-4376-4692-A515-A7B6593F28F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "AB6AF9D5-CE60-4FC9-91AB-E243F0D429E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "3B1AC712-110D-458F-B650-930C6D45CA53", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "7F848FA5-9682-454F-A9DE-671C4401F15F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "C4B83678-98A1-440E-950C-4A27995C7294", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "FB9EEE31-479A-4370-BF00-C26C1AF502B6", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "95EABD7D-1F18-4FA5-BAA9-F8D69129E531", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "65B836CA-3740-48B0-966B-21E65EF3D636", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "3988FA1B-18D9-46AA-87BA-A6B01D4F4B25", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "51A46409-7AC6-45DB-B92D-29988C445BC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "09E2B608-6C70-446F-A3A7-369048D99855", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "5AA00AE0-F447-4361-AA37-0C98BDE491E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "21DACE94-FBDC-4A3D-8DD6-E62D18F5EE7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*", "matchCriteriaId": "220A02AF-6ADA-4B75-BC81-40B2D847029A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "ECEB8F61-195E-41DE-90CE-22854055E9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*", "matchCriteriaId": "D0F72B91-1F7F-41EB-ABC8-1B50AFEC70EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "111091B9-CBAE-4FC7-8B97-7D2345BFCB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*", "matchCriteriaId": "54C6D9D3-50B2-4A63-B3D1-C76C70F4443E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*", "matchCriteriaId": "4110AA74-C69D-45BC-A630-9EE3A2036BD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*", "matchCriteriaId": "F2DEFD05-10EE-4242-B885-FD1B0DF6CAA1", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "1CAA1090-C1C7-43A2-BD44-065572D226B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*", "matchCriteriaId": "2FD92305-91BF-4984-A029-8FA83CBF1A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*", "matchCriteriaId": "F9F9A6DB-19BF-4798-879E-9BD4AD5EFF2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*", "matchCriteriaId": "31EE280F-D76D-478B-ADD6-D5F2C7574A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*", "matchCriteriaId": "747314F7-A515-41FF-8095-62A9F05F0DEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*", "matchCriteriaId": "C1BE9ED0-685B-41F0-A984-D33E7034AEA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.36:*:*:*:*:*:*:*", "matchCriteriaId": "E3F6AD99-7697-47E5-8301-723C16535C76", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*", "matchCriteriaId": "07B00AD3-D13C-45B5-A13A-9092D40F4A63", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*", "matchCriteriaId": "14222EA8-E8ED-4818-ACB4-C6A13643F210", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*", "matchCriteriaId": "A22C28DD-5C99-4722-9093-A1E82A2C2808", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.40:*:*:*:*:*:*:*", "matchCriteriaId": "93714B71-6331-4F5A-A12A-B4B80CA2FEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*", "matchCriteriaId": "10CD562E-1F06-4779-A29C-4069E3C86B16", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*", "matchCriteriaId": "4D83D507-64AF-4158-97B9-1353E2F8EE46", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.43:*:*:*:*:*:*:*", "matchCriteriaId": 
"BC5E39EA-C32E-4E87-9A3F-CCB5144F0E68", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*", "matchCriteriaId": "0DF6249D-5AA8-4EA3-A92A-0E492FE5B811", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*", "matchCriteriaId": "CDE7F259-40A2-4866-8EF8-44A9913EC4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*", "matchCriteriaId": "03C20A42-6A77-43D4-80D7-332BB2DF1B66", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*", "matchCriteriaId": "D4CC5DBB-249B-4EED-9F54-E23CB1919ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.48:*:*:*:*:*:*:*", "matchCriteriaId": "088A1BDB-BB1A-46B5-898B-23311DE27CE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.49:*:*:*:*:*:*:*", "matchCriteriaId": "6CBAA828-F42A-420F-B17E-6FACF6CD483D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "D20664A4-4816-4F57-82BB-F4116FA33A41", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*", "matchCriteriaId": "64226521-0723-4259-B214-0D2A35CF5FBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*", "matchCriteriaId": "6ABEEBFE-A8C8-40D4-97D8-F06676E67478", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.53:*:*:*:*:*:*:*", "matchCriteriaId": "47831D80-33AC-4A13-B92D-3D2CBF215955", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.2.54:*:*:*:*:*:*:*", "matchCriteriaId": "7ED428C8-E6AB-4BB1-BE7D-543B2A19410F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "52D5DAA1-3632-48D7-A657-4A4C83A119D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB5AE8E0-3C11-4EE1-A599-4D70C6A13F1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"6AD36C3B-3C02-488B-B480-EA091D702CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "59BAD272-D4B6-40CE-B5E9-63145E12B638", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "5EEB311C-766D-4070-A0BE-9CE4593C8F49", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C185BF59-68E4-49F8-802F-C06FE840FF3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "5C399B31-B8EC-41C4-B6AB-83BABC474374", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "3B00AF5F-D4F5-490C-8BF4-2B33EFBF15A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "BA9AEB1D-0AA7-4842-9CF9-91BFD8B58A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "09150152-5DEA-4FA2-9163-63EAF4D83DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "45E5068A-42BE-478B-8C00-FE23B7837DC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "023CCFB0-7995-408E-928A-76C5BD9B4924", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "493F615D-DB81-48B3-9E74-C32544A01372", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "D2F12925-44F7-4790-8A06-345EB3DCCB71", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "7F5BF226-D62F-4F54-B771-EB108FD256FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "D2EDBFCB-96DA-4A36-873A-3164975BE997", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": 
"ACDB15BE-BDD2-4210-B224-A520E8DC7D89", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "70D3AD38-CCE7-47E6-8225-C0BFC3F10E4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE8BC209-45B9-44D6-A26D-0B570ED5BB19", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "6644ED2F-66F3-469D-8233-72FE7321E850", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "5AF0E757-9E9C-4022-B32D-3F0E9C815FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "3F34978D-6ABE-463E-AB48-21CC55B7D157", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A4568BB-F5FF-4BBB-9DA3-E66C2BFA2416", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "246CF13F-FDC1-499E-9FC1-5624D54E9E3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AC66FD43-421B-4223-BA32-EC47B51E1091", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F0F5664B-5AB9-4DE4-99AA-8FD32DBA4A4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "C7712376-D776-4814-A041-FBFEAC70ADC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "103E5ECE-126B-4C93-A3C8-979DCCA4EB5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "65DEDF02-9239-497C-94DB-DAF80B6B4F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "8CAAECD8-0C16-40CC-BA8A-97DF38BAF668", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.13:*:*:*:*:*:*:*", "matchCriteriaId": 
"84D9B3E6-D32D-4E4B-908A-39FAC3D5F618", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.14:*:*:*:*:*:*:*", "matchCriteriaId": "8F2DB1EF-B961-4C56-8519-242419B6AB9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "2BDE2351-2B17-4C1A-A625-6C7DE691039A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "5426F3F0-CF21-45D4-9071-F8F7865A7619", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "25147E8F-7385-4393-BE21-E3347610F003", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.18:*:*:*:*:*:*:*", "matchCriteriaId": "19C06F50-7C48-4FD6-B0C9-6C9B643742B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.19:*:*:*:*:*:*:*", "matchCriteriaId": "DA562433-F6F5-46C1-98DE-8309BD940260", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.20:*:*:*:*:*:*:*", "matchCriteriaId": "CD684587-0D7E-411F-B9E3-14CBE4954499", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.21:*:*:*:*:*:*:*", "matchCriteriaId": "5AB9178D-DEEF-4D2C-9347-F553312129C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.22:*:*:*:*:*:*:*", "matchCriteriaId": "3157A738-20EB-4BE0-A58B-E21DDA64EDC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.23:*:*:*:*:*:*:*", "matchCriteriaId": "6D70C6B1-2360-48C9-931D-BAED79151DF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.5.24:*:*:*:*:*:*:*", "matchCriteriaId": "29F79896-3EF0-4F53-8EBC-66D811E2C315", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7A0D174-F35C-488B-8577-00EFB7741089", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EDC5DA5-F2A7-4819-BB9D-258EB9AB7857", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"27B34D78-C0BC-45DC-AD84-F5F13451ED7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3D3A7EC-774C-423F-BDE1-CDCB9433D87B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B898B95-CF41-4813-8FE7-776BD59A6A9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9F5E5899-5A3F-49A1-B18C-4C97566B87BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "C7897EEC-DE43-485A-B2CD-E8623A6D2C8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "ACC16FE2-E94E-45B9-94F0-B6434B21DD2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "8C8DAE31-CCA9-450D-90E5-B8F0490FB944", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "52FEB5C9-0C13-4FD6-876C-AAE7ED4E986C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "2337F9F3-D26D-4A24-880A-800CD5C16795", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "31F71BA3-5402-448E-9068-EB0DCA1D62EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "5418D311-FC7D-4B46-950B-17094775D9D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "AD67323A-8463-4B8F-B370-40C2ACFF4D8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "2BBA4F43-0FD0-4D7D-84A0-37C8E79B9B29", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "71E01CC8-1C29-4C46-8213-B48A2364CE8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.16:*:*:*:*:*:*:*", "matchCriteriaId": 
"89FCEBCA-0AFB-42FB-9BB5-CB4EE7C38336", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "62B29838-8B2F-41AA-A654-58255C4D1EC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "480007D1-0121-4966-9995-9E491848681A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:1.6.19:*:*:*:*:*:*:*", "matchCriteriaId": "162CF84D-0B1B-4920-B2F8-C812CA3DF18B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126." }, { "lang": "es", "value": "Desbordamiento de buffer en la funci\u00f3n png_set_PLTE en libpng en versiones anteriores a 1.0.65, 1.1.x y 1.2.x en versiones anteriores a 1.2.55, 1.3.x, 1.4.x en versiones anteriores a 1.4.18, 1.5.x en versiones anteriores a 1.5.25 y 1.6.x en versiones anteriores a 1.6.20 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente tener otro impacto no especificado a trav\u00e9s de un valor peque\u00f1o de profundidad de bits en un IHDR (tambi\u00e9n conocido como image header) fragmento en una imagen PNG. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incorrecta para CVE-2015-8126." 
} ], "id": "CVE-2015-8472", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-21T15:59:00.117", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" }, { "source": 
"cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3443" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/12/03/6" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "source": "cve@mitre.org", "url": 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/78624" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "source": "cve@mitre.org", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10148" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/12/03/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/78624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206167" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-03-03 19:30
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:N/A:P; user interaction required)
Summary
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
References
Source | URL | Tags | |
---|---|---|---|
cret@cert.org | http://libpng.sourceforge.net/ADVISORY-1.4.1.html | Third Party Advisory | |
cret@cert.org | http://libpng.sourceforge.net/decompression_bombs.html | Third Party Advisory | |
cret@cert.org | http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html | Mailing List, Third Party Advisory | |
cret@cert.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html | Third Party Advisory | |
cret@cert.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html | Third Party Advisory | |
cret@cert.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html | Third Party Advisory | |
cret@cert.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html | Third Party Advisory | |
cret@cert.org | http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | Mailing List, Third Party Advisory | |
cret@cert.org | http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html | Mailing List, Third Party Advisory | |
cret@cert.org | http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html | Mailing List | |
cret@cert.org | http://lists.vmware.com/pipermail/security-announce/2010/000105.html | Third Party Advisory | |
cret@cert.org | http://osvdb.org/62670 | Broken Link | |
cret@cert.org | http://secunia.com/advisories/38774 | Third Party Advisory | |
cret@cert.org | http://secunia.com/advisories/39251 | Third Party Advisory | |
cret@cert.org | http://secunia.com/advisories/41574 | Third Party Advisory | |
cret@cert.org | http://support.apple.com/kb/HT4435 | Broken Link | |
cret@cert.org | http://ubuntu.com/usn/usn-913-1 | Third Party Advisory | |
cret@cert.org | http://www.debian.org/security/2010/dsa-2032 | Third Party Advisory | |
cret@cert.org | http://www.kb.cert.org/vuls/id/576029 | Third Party Advisory, US Government Resource | |
cret@cert.org | http://www.mandriva.com/security/advisories?name=MDVSA-2010:063 | Third Party Advisory | |
cret@cert.org | http://www.mandriva.com/security/advisories?name=MDVSA-2010:064 | Third Party Advisory | |
cret@cert.org | http://www.securityfocus.com/bid/38478 | Patch, Third Party Advisory, VDB Entry | |
cret@cert.org | http://www.securitytracker.com/id?1023674 | Third Party Advisory, VDB Entry | |
cret@cert.org | http://www.vmware.com/security/advisories/VMSA-2010-0014.html | Third Party Advisory | |
cret@cert.org | http://www.vupen.com/english/advisories/2010/0517 | Third Party Advisory | |
cret@cert.org | http://www.vupen.com/english/advisories/2010/0605 | Third Party Advisory | |
cret@cert.org | http://www.vupen.com/english/advisories/2010/0626 | Third Party Advisory | |
cret@cert.org | http://www.vupen.com/english/advisories/2010/0637 | Third Party Advisory | |
cret@cert.org | http://www.vupen.com/english/advisories/2010/0667 | Third Party Advisory | |
cret@cert.org | http://www.vupen.com/english/advisories/2010/0682 | Third Party Advisory | |
cret@cert.org | http://www.vupen.com/english/advisories/2010/0686 | Third Party Advisory | |
cret@cert.org | http://www.vupen.com/english/advisories/2010/0847 | Third Party Advisory | |
cret@cert.org | http://www.vupen.com/english/advisories/2010/1107 | Third Party Advisory | |
cret@cert.org | http://www.vupen.com/english/advisories/2010/2491 | Third Party Advisory | |
cret@cert.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/56661 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://libpng.sourceforge.net/ADVISORY-1.4.1.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://libpng.sourceforge.net/decompression_bombs.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000105.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/62670 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38774 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39251 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41574 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4435 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://ubuntu.com/usn/usn-913-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2032 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/576029 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:063 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:064 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/38478 | Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023674 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0014.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0517 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0605 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0626 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0637 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0667 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0682 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0686 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0847 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1107 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/2491 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/56661 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libpng | libpng | >= 1.0.0, < 1.0.53 | |
libpng | libpng | >= 1.2.0, < 1.2.43 | |
libpng | libpng | >= 1.4.0, < 1.4.1 | |
apple | mac_os_x | < 10.6.5 | |
fedoraproject | fedora | 11 | |
fedoraproject | fedora | 12 | |
fedoraproject | fedora | 13 | |
opensuse | opensuse | 11.0 | |
opensuse | opensuse | 11.1 | |
opensuse | opensuse | 11.2 | |
suse | linux_enterprise_server | 9 | |
suse | linux_enterprise_server | 10 SP3 | |
suse | linux_enterprise_server | 11 (no service pack) | |
suse | linux_enterprise_server | 11 SP1 | |
canonical | ubuntu_linux | 6.06 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 8.10 | |
canonical | ubuntu_linux | 9.04 | |
canonical | ubuntu_linux | 9.10 | |
debian | debian_linux | 5.0 | |
debian | debian_linux | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "3110AADE-22CC-4BF0-A45B-4884DC412622", "versionEndExcluding": "1.0.53", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "376224B7-C526-4A78-95A4-034BD437E52B", "versionEndExcluding": "1.2.43", "versionStartIncluding": "1.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CE8989E-12D3-4C9E-9BE3-D992533152F3", "versionEndExcluding": "1.4.1", "versionStartIncluding": "1.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "46E5D24A-8CA0-4590-9F35-F684D573D030", "versionEndExcluding": "10.6.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", 
"matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed 
ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack." }, { "lang": "es", "value": "La funci\u00f3n png_decompress_chunk en pngrutil.c en libpng 1.0.x en versiones anteriores a la 1.0.53, 1.2.x en versiones anteriores a la 1.2.43 y1.4.x en versiones anteriores a la 1.4.1 no maneja adecuadamente los datos fragmentados auxiliares comprimidos que tienen una representaci\u00f3n descomprimida desproporcionada, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de la CPU y de la memoria y cuelgue de la aplicaci\u00f3n) mediante un fichero PNG manipulado, como ha quedado demostrado por el uso del m\u00e9todo de decompresi\u00f3n con datos con muchas ocurrencias del mismo caracter, en relaci\u00f3n con un ataque \"decompression bomb\" (bomba de descompresi\u00f3n)." 
} ], "id": "CVE-2010-0205", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-03-03T19:30:00.493", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://libpng.sourceforge.net/decompression_bombs.html" }, { "source": "cret@cert.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html" }, { "source": "cret@cert.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "source": "cret@cert.org", "tags": [ "Mailing List", "Third Party 
Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "source": "cret@cert.org", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "source": "cret@cert.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/62670" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38774" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39251" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/41574" }, { "source": "cret@cert.org", "tags": [ "Broken Link" ], "url": "http://support.apple.com/kb/HT4435" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://ubuntu.com/usn/usn-913-1" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2032" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/576029" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064" }, { "source": "cret@cert.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/38478" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023674" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "source": 
"cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0517" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0605" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0626" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0637" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0667" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0682" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0686" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0847" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://libpng.sourceforge.net/decompression_bombs.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/62670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39251" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/41574" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://support.apple.com/kb/HT4435" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://ubuntu.com/usn/usn-913-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/576029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/38478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0517" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0626" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0637" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0667" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0682" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0686" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2491" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661" } ], "sourceIdentifier": "cret@cert.org", "vendorComments": [ { "comment": "This issue has been addressed in Red Hat Enterprise Linux 3, 4, and 5 via https://rhn.redhat.com/errata/RHSA-2010-0534.html.", "lastModified": "2010-07-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }