Search CVE reports


Toggle filters

1 – 10 of 55 results


CVE-2022-3857

Low priority
Vulnerable

A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function.

5 affected packages

chromium-browser, firefox, libpng, libpng1.6, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Not affected Not affected Not affected Ignored Ignored
firefox Not affected Not affected Ignored Ignored Ignored
libpng Not in release Not in release Not in release Vulnerable
libpng1.6 Vulnerable Vulnerable Vulnerable Vulnerable Needs evaluation
thunderbird Ignored Ignored Ignored Ignored Ignored
Show less packages

CVE-2021-4214

Medium priority
Not affected

A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a...

5 affected packages

chromium-browser, firefox, libpng, libpng1.6, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Not affected Not affected Not affected Not affected
firefox Not affected Not affected Not affected Not affected
libpng Not in release Not in release Not in release Not affected
libpng1.6 Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected Not affected
Show less packages

CVE-2019-17371

Negligible priority
Needs evaluation

gif2png 2.5.13 has a memory leak in the writefile function.

3 affected packages

gif2png, libpng, libpng1.6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gif2png Not in release Not in release Not in release Needs evaluation Needs evaluation
libpng Not in release Not in release Not in release Not in release Ignored
libpng1.6 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2017-12652

Low priority

Some fixes available 2 of 7

libpng before 1.6.32 does not properly check the length of chunks against the user limit.

5 affected packages

chromium-browser, firefox, libpng, libpng1.6, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Not affected Not affected Not affected Not affected Not affected
firefox Not affected Not affected Not affected Not affected Not affected
libpng Not in release Not in release Not in release Not in release Fixed
libpng1.6 Not affected Not affected Not affected Not affected Fixed
thunderbird Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2018-14550

Medium priority
Not affected

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.

2 affected packages

libpng, libpng1.6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpng Not in release Not affected
libpng1.6 Not affected Not affected
Show less packages

CVE-2019-7317

Medium priority

Some fixes available 37 of 40

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

8 affected packages

firefox, libpng, libpng1.6, openjdk-12, openjdk-8...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Fixed Fixed Fixed Fixed Fixed
libpng Not in release Not in release Not in release Not in release Not affected
libpng1.6 Not affected Not affected Not affected Fixed Vulnerable
openjdk-12 Not in release Not in release Not in release Not in release Not in release
openjdk-8 Not affected Not affected Not affected Fixed Fixed
openjdk-9 Not in release Not in release Not in release Not in release Ignored
openjdk-lts Not affected Not affected Not affected Fixed Not in release
thunderbird Fixed Fixed Fixed Fixed Fixed
Show all 8 packages Show less packages

CVE-2019-6129

Negligible priority
Ignored

** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."

2 affected packages

libpng, libpng1.6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpng Not in release Ignored
libpng1.6 Ignored Ignored
Show less packages

CVE-2018-14048

Low priority

Some fixes available 2 of 7

An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.

2 affected packages

libpng, libpng1.6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpng Not in release Not in release Not in release Not in release Fixed
libpng1.6 Not affected Not affected Not affected Vulnerable Fixed
Show less packages

CVE-2018-13785

Medium priority
Fixed

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

2 affected packages

libpng, libpng1.6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpng Not in release Not affected
libpng1.6 Fixed Not affected
Show less packages

CVE-2016-10087

Low priority

Some fixes available 2 of 5

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors...

5 affected packages

chromium-browser, firefox, libpng, libpng1.6, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Not affected Not affected Not affected Not affected Not affected
firefox Not affected Not affected Not affected Not affected Not affected
libpng Not in release Not in release Not in release Not in release Fixed
libpng1.6 Not affected Not affected Not affected Not affected Vulnerable
thunderbird Not affected Not affected Not affected Not affected Not affected
Show less packages