The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of libpng

computer vulnerability announce CVE-2019-7317

libpng: use after free via png_image_free

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via png_image_free() of libpng, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, libpng, Firefox, Thunderbird, Slackware, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 05/02/2019.
Identifiers: 275, CVE-2019-7317, DSA-4435-1, MFSA-2019-14, MFSA-2019-15, SSA:2019-107-01, USN-3962-1, VIGILANCE-VUL-28437.

Description of the vulnerability

An attacker can force the usage of a freed memory area via png_image_free() of libpng, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2019-6129

libpng: memory leak via png_create_info_struct

Synthesis of the vulnerability

An attacker can create a memory leak via png_create_info_struct() of libpng, in order to trigger a denial of service.
Impacted products: libpng.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 14/01/2019.
Identifiers: 269, CVE-2019-6129, VIGILANCE-VUL-28269.

Description of the vulnerability

An attacker can create a memory leak via png_create_info_struct() of libpng, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-14048

libpng/pnm2png: denial of service via png_free_data

Synthesis of the vulnerability

An attacker can generate a fatal error via png_free_data() of libpng/pnm2png, in order to trigger a denial of service.
Impacted products: libpng, Java OpenJDK, Java Oracle, Slackware.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 16/07/2018.
Identifiers: 238, cpuoct2018, CVE-2018-14048, SSA:2019-107-01, VIGILANCE-VUL-26753.

Description of the vulnerability

An attacker can generate a fatal error via png_free_data() of libpng/pnm2png, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-13785

libpng: integer overflow via png_check_chunk_length

Synthesis of the vulnerability

An attacker can generate an integer overflow via png_check_chunk_length() of libpng, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, AIX, IBM i, libpng, McAfee Web Gateway, Java OpenJDK, openSUSE Leap, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 12/07/2018.
Identifiers: cpuoct2018, CVE-2018-13785, FEDORA-2018-04eded822e, FEDORA-2018-3e04e9fe54, ibm10743955, openSUSE-SU-2019:0042-1, openSUSE-SU-2019:0043-1, RHSA-2018:3000-01, RHSA-2018:3001-01, RHSA-2018:3002-01, RHSA-2018:3003-01, RHSA-2018:3007-01, RHSA-2018:3008-01, RHSA-2018:3533-01, RHSA-2018:3534-01, RHSA-2018:3671-01, RHSA-2018:3672-01, SB10255, SUSE-SU-2018:3868-1, SUSE-SU-2018:3920-1, SUSE-SU-2018:3921-1, SUSE-SU-2018:3933-1, SUSE-SU-2018:4064-1, SUSE-SU-2019:0049-1, SUSE-SU-2019:0057-1, SUSE-SU-2019:0057-2, SUSE-SU-2019:0058-1, USN-3712-1, USN-3712-2, VIGILANCE-VUL-26692.

Description of the vulnerability

An attacker can generate an integer overflow via png_check_chunk_length() of libpng, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability 23610

libpng: NULL pointer dereference via png_handle_eXIf

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via png_handle_eXIf() of libpng, in order to trigger a denial of service.
Impacted products: libpng.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 25/08/2017.
Identifiers: VIGILANCE-VUL-23610.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via png_handle_eXIf() of libpng, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert 22161

libpng: buffer overflow via png_do_expand

Synthesis of the vulnerability

An attacker can generate a buffer overflow via png_do_expand() of libpng, in order to trigger a denial of service, and possibly to run code.
Impacted products: libpng, XnView.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 16/03/2017.
Identifiers: VIGILANCE-VUL-22161.

Description of the vulnerability

An attacker can generate a buffer overflow via png_do_expand() of libpng, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-10087

libpng: NULL pointer dereference via png_set_text_2

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via png_set_text_2() of libpng, in order to trigger a denial of service.
Impacted products: Fedora, Notes, libpng, openSUSE Leap, Solaris, Slackware, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 29/12/2016.
Identifiers: 2002676, bulletinjul2017, CVE-2016-10087, FEDORA-2016-0eb1d4ad19, FEDORA-2016-12c22499dd, FEDORA-2016-1a7e14d084, FEDORA-2016-5c8dce58c9, FEDORA-2016-a4b06a036b, FEDORA-2016-aaf771b7a7, FEDORA-2017-66fd940572, FEDORA-2017-84bc8ac268, FEDORA-2017-bad9942e42, FEDORA-2017-cf1944f480, openSUSE-SU-2017:0937-1, openSUSE-SU-2017:0942-1, openSUSE-SU-2017:1037-1, SSA:2016-365-01, USN-3712-1, USN-3712-2, VIGILANCE-VUL-21483.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via png_set_text_2() of libpng, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert 20311

libpng: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libpng.
Impacted products: libpng.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 04/08/2016.
Identifiers: VIGILANCE-VUL-20311.

Description of the vulnerability

Several vulnerabilities were announced in libpng.

An attacker can generate a buffer overflow via PNG_IMAGE_SIZE, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

An attacker can generate a buffer overflow via Filter Heuristic, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

An attacker can generate a buffer overflow via PNG_IMAGE_BUFFER_SIZE, in order to trigger a denial of service, and possibly to run code. [severity:2/4]
Full Vigil@nce bulletin... (Free trial)

vulnerability 19710

libpng: buffer overflow via image size related macros

Synthesis of the vulnerability

An attacker can generate a buffer overflow of libpng, in order to trigger a denial of service, and possibly to run code.
Impacted products: libpng.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 26/05/2016.
Identifiers: VIGILANCE-VUL-19710.

Description of the vulnerability

The libpng library includes macros to calculate the size of a an image line or the whole image.

However, these macros does not check whether the result is bigger that the available address space in 32 bits systems. On these platforms, an ill-formed image may trigger an arithmetic overflow and then a memory corruption.

An attacker can therefore generate a buffer overflow of libpng, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2015-8540

libpng: unreachable memory reading via png_check_keyword

Synthesis of the vulnerability

An attacker can force a read at an invalid address in png_check_keyword of libpng, in order to trigger a denial of service.
Impacted products: Debian, Fedora, AIX, Domino, Notes, libpng, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/12/2015.
Identifiers: 1975365, 1976200, 1976262, 1977405, bulletinjul2016, CVE-2015-8540, DSA-3443-1, FEDORA-2015-0a543024bf, FEDORA-2015-3868cfa17b, FEDORA-2015-39499d9af8, FEDORA-2015-ac8100927a, openSUSE-SU-2016:2672-1, openSUSE-SU-2017:0942-1, openSUSE-SU-2017:1037-1, RHSA-2016:0099-01, RHSA-2016:0100-01, RHSA-2016:0101-01, SSA:2015-351-02, SUSE-SU-2016:0399-1, SUSE-SU-2016:0401-1, SUSE-SU-2016:0428-1, SUSE-SU-2016:0431-1, SUSE-SU-2016:0433-1, SUSE-SU-2016:0636-1, SUSE-SU-2016:0770-1, SUSE-SU-2016:0776-1, USN-2861-1, VIGILANCE-VUL-18495.

Description of the vulnerability

The libpng library implements the support of PNG images.

A PNG image is composed of a series of fragments identified by four letters:
 - IHDR : header
 - IDAT : image data
 - tEXT : text
 - zTXt : compressed text with zlib
 - etc.

The png_check_keyword() function of the pngwutil.c file checks the name of keys for tEXT and zTXt fields. This function is called to create an image.

However, if the key contains a space alone, the png_check_keyword() function tries to read an unreachable memory area, which triggers a fatal error.

An attacker can therefore force a read at an invalid address in png_check_keyword() of libpng, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about libpng: