CVE search results

11 – 20 of 55 results

Detailed view

Sort by:

CVE-2015-8540

Medium priority

Fixed

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to...

4 affected packages

chromium-browser, firefox, libpng, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
chromium-browser	—	—	—	—	—
firefox	—	—	—	—	—
libpng	—	—	—	—	—
thunderbird	—	—	—	—	—

CVE-2015-8472

Medium priority

Fixed

Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service...

7 affected packages

chromium-browser, firefox, libpng, openjdk-6, openjdk-7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
chromium-browser	—	—	—	—	—
firefox	—	—	—	—	—
libpng	—	—	—	—	—
openjdk-6	—	—	—	—	—
openjdk-7	—	—	—	—	—
openjdk-8	—	—	—	—	—
thunderbird	—	—	—	—	—

CVE-2015-8126

Medium priority

Fixed

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote...

7 affected packages

chromium-browser, firefox, libpng, openjdk-6, openjdk-7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
chromium-browser	—	—	—	—	—
firefox	—	—	—	—	—
libpng	—	—	—	—	—
openjdk-6	—	—	—	—	—
openjdk-7	—	—	—	—	—
openjdk-8	—	—	—	—	—
thunderbird	—	—	—	—	—

CVE-2015-7981

Low priority

Fixed

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an...

4 affected packages

chromium-browser, firefox, libpng, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
chromium-browser	—	—	—	—	—
firefox	—	—	—	—	—
libpng	—	—	—	—	—
thunderbird	—	—	—	—	—

CVE-2015-0973

Medium priority

Ignored

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a...

2 affected packages

libpng, texlive-bin

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libpng	—	—	—	—	—
texlive-bin	—	—	—	—	—

CVE-2014-9495

Medium priority

Not affected

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very...

1 affected packages

libpng

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libpng	—	—	—	—	—

CVE-2013-7354

Medium priority

Not affected

Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.

1 affected packages

libpng

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libpng	—	—	—	—	—

CVE-2013-7353

Medium priority

Not affected

Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image,...

1 affected packages

libpng

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libpng	—	—	—	—	—

CVE-2014-0333

Low priority

Not affected

The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.

1 affected packages

libpng

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libpng	—	—	—	—	—

CVE-2013-6954

Medium priority

Ignored

The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to...

2 affected packages

libpng, openjdk-7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libpng	—	—	—	—	—
openjdk-7	—	—	—	—	—

Export to JSON

Results by page:

Search CVE reports