Search CVE reports


Toggle filters

11 – 20 of 55 results


CVE-2015-8540

Medium priority
Fixed

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to...

4 affected packages

chromium-browser, firefox, libpng, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser
firefox
libpng
thunderbird
Show less packages

CVE-2015-8472

Medium priority
Fixed

Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service...

7 affected packages

chromium-browser, firefox, libpng, openjdk-6, openjdk-7...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser
firefox
libpng
openjdk-6
openjdk-7
openjdk-8
thunderbird
Show all 7 packages Show less packages

CVE-2015-8126

Medium priority
Fixed

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote...

7 affected packages

chromium-browser, firefox, libpng, openjdk-6, openjdk-7...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser
firefox
libpng
openjdk-6
openjdk-7
openjdk-8
thunderbird
Show all 7 packages Show less packages

CVE-2015-7981

Low priority
Fixed

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an...

4 affected packages

chromium-browser, firefox, libpng, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser
firefox
libpng
thunderbird
Show less packages

CVE-2015-0973

Medium priority
Ignored

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a...

2 affected packages

libpng, texlive-bin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpng
texlive-bin
Show less packages

CVE-2014-9495

Medium priority
Not affected

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very...

1 affected package

libpng

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpng
Show less packages

CVE-2013-7354

Medium priority
Not affected

Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.

1 affected package

libpng

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpng
Show less packages

CVE-2013-7353

Medium priority
Not affected

Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image,...

1 affected package

libpng

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpng
Show less packages

CVE-2014-0333

Low priority
Not affected

The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.

1 affected package

libpng

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpng
Show less packages

CVE-2013-6954

Medium priority
Ignored

The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to...

2 affected packages

libpng, openjdk-7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpng
openjdk-7
Show less packages