Search CVE reports
1 – 10 of 10 results
CVE-2022-3857
Low priorityA flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function.
5 affected packages
chromium-browser, firefox, libpng, libpng1.6, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not affected | Ignored | Ignored |
| firefox | Not affected | Not affected | Ignored | Ignored | Ignored |
| libpng | — | Not in release | Not in release | Not in release | Vulnerable |
| libpng1.6 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Needs evaluation |
| thunderbird | Ignored | Ignored | Ignored | Ignored | Ignored |
CVE-2021-4214
Medium priorityA heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a...
5 affected packages
chromium-browser, firefox, libpng, libpng1.6, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | Not affected | Not affected | Not affected | Not affected |
| firefox | — | Not affected | Not affected | Not affected | Not affected |
| libpng | — | Not in release | Not in release | Not in release | Not affected |
| libpng1.6 | — | Not affected | Not affected | Not affected | Not affected |
| thunderbird | — | Not affected | Not affected | Not affected | Not affected |
CVE-2019-17371
Negligible prioritygif2png 2.5.13 has a memory leak in the writefile function.
3 affected packages
gif2png, libpng, libpng1.6
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gif2png | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| libpng | Not in release | Not in release | Not in release | Not in release | Ignored |
| libpng1.6 | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2017-12652
Low prioritySome fixes available 2 of 7
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
5 affected packages
chromium-browser, firefox, libpng, libpng1.6, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not affected | Not affected | Not affected |
| firefox | Not affected | Not affected | Not affected | Not affected | Not affected |
| libpng | Not in release | Not in release | Not in release | Not in release | Fixed |
| libpng1.6 | Not affected | Not affected | Not affected | Not affected | Fixed |
| thunderbird | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2018-14550
Medium priorityAn issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.
2 affected packages
libpng, libpng1.6
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libpng | — | — | — | Not in release | Not affected |
| libpng1.6 | — | — | — | Not affected | Not affected |
CVE-2019-7317
Medium prioritySome fixes available 35 of 38
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
8 affected packages
firefox, libpng, libpng1.6, openjdk-12, openjdk-8...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| libpng | Not in release | Not in release | Not in release | Not in release | Not affected |
| libpng1.6 | Not affected | Not affected | Not affected | Fixed | Vulnerable |
| openjdk-12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjdk-8 | Not affected | Not affected | Not affected | Fixed | Fixed |
| openjdk-9 | Not in release | Not in release | Not in release | Not in release | Ignored |
| openjdk-lts | Not affected | Not affected | Not affected | Fixed | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-6129
Negligible priority** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."
2 affected packages
libpng, libpng1.6
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libpng | — | — | — | Not in release | Ignored |
| libpng1.6 | — | — | — | Ignored | Ignored |
CVE-2018-14048
Low prioritySome fixes available 2 of 7
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
2 affected packages
libpng, libpng1.6
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libpng | Not in release | Not in release | Not in release | Not in release | Fixed |
| libpng1.6 | Not affected | Not affected | Not affected | Vulnerable | Fixed |
CVE-2018-13785
Medium priorityIn libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
2 affected packages
libpng, libpng1.6
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libpng | — | — | — | Not in release | Not affected |
| libpng1.6 | — | — | — | Fixed | Not affected |
CVE-2016-10087
Low prioritySome fixes available 2 of 5
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors...
5 affected packages
chromium-browser, firefox, libpng, libpng1.6, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not affected | Not affected | Not affected |
| firefox | Not affected | Not affected | Not affected | Not affected | Not affected |
| libpng | Not in release | Not in release | Not in release | Not in release | Fixed |
| libpng1.6 | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| thunderbird | Not affected | Not affected | Not affected | Not affected | Not affected |