Libpng : Security Vulnerabilities, CVEs, Published In 2019 CVSS score >= 5
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
Max CVSS
5.3
EPSS Score
0.47%
Published
2019-02-04
Updated
2022-05-23
png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.
Max CVSS
6.5
EPSS Score
0.11%
Published
2019-01-11
Updated
2024-03-21
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.
Max CVSS
8.8
EPSS Score
0.51%
Published
2019-07-10
Updated
2023-03-01
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
Max CVSS
9.8
EPSS Score
2.79%
Published
2019-07-10
Updated
2022-05-12
4 vulnerabilities found