Libpng : Security Vulnerabilities, CVEs, Published In 2008 CVSS score >= 4
Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.
Max CVSS
4.3
EPSS Score
0.45%
Published
2008-09-11
Updated
2022-01-31
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
Max CVSS
7.5
EPSS Score
3.17%
Published
2008-04-14
Updated
2018-10-11
2 vulnerabilities found