Libpng: Security Vulnerabilities Published in 2019
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
Max Base Score | 5.3 |
Published | 2019-02-04 |
Updated | 2022-05-23 |
EPSS | 0.33% |
** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."
Max Base Score | 6.5 |
Published | 2019-01-11 |
Updated | 2020-08-24 |
EPSS | 0.10% |
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.
Max Base Score | 8.8 |
Published | 2019-07-10 |
Updated | 2023-03-01 |
EPSS | 0.51% |
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
Max Base Score | 9.8 |
Published | 2019-07-10 |
Updated | 2022-05-12 |
EPSS | 2.33% |
4 vulnerabilities found