- Home
- CVEs with nessus.description==Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2007-2445 The png_handle_tRNS function allows attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.
- CVE-2007-5269 Certain chunk handlers allow attackers to cause a denial of service (crash) via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which trigger out-of-bounds read operations.
- CVE-2008-1382 libpng allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length 'unknown' chunks, which trigger an access of uninitialized memory.
- CVE-2008-5907 The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords.
- CVE-2008-6218 A memory leak in the png_handle_tEXt function allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.
- CVE-2009-0040 libpng allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top