Search CVE reports

Toggle filters

1 – 10 of 10 results

CVE-2022-3857

Low priority
Ignored

Rejected reason: Maintainer contacted. This is a false-positive. The flaw does not actually exist and was erroneously tested.

5 affected packages

libpng, libpng1.6, thunderbird, firefox, chromium-browser

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libpng Not in release Not in release Not in release
libpng1.6 Not affected Not affected Not affected Not affected
thunderbird Ignored Ignored Not in release Ignored
firefox Not affected Not affected Not in release Ignored
chromium-browser Not affected Not affected Not in release Ignored
Show less packages

CVE-2021-4214

Medium priority
Not affected

A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a...

5 affected packages

thunderbird, chromium-browser, firefox, libpng, libpng1.6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
thunderbird Not affected Not in release Not affected
chromium-browser Not affected Not in release Not affected
firefox Not affected Not in release Not affected
libpng Not in release Not in release Not in release
libpng1.6 Not affected Not affected Not affected
Show less packages

CVE-2019-7317

Medium priority

Some fixes available 39 of 42

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

8 affected packages

firefox, libpng, libpng1.6, openjdk-9, openjdk-12...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Fixed Fixed Fixed Fixed
libpng Not in release Not in release Not in release Not in release
libpng1.6 Not affected Not affected Not affected Fixed
openjdk-9 Not in release Not in release Not in release Not in release
openjdk-12 Not in release Not in release Not in release Not in release
openjdk-8 Not affected Not affected Not affected Fixed
openjdk-lts Not affected Not affected Not affected Fixed
thunderbird Fixed Fixed Fixed Fixed
Show all 8 packages Show less packages

CVE-2019-6129

Negligible priority
Ignored

png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.

2 affected packages

libpng, libpng1.6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libpng Not in release
libpng1.6 Ignored
Show less packages

CVE-2019-17371

Negligible priority
Needs evaluation

gif2png 2.5.13 has a memory leak in the writefile function.

3 affected packages

libpng, libpng1.6, gif2png

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libpng Not in release Not in release Not in release Not in release
libpng1.6 Not affected Not affected Not affected Not affected
gif2png Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2018-14550

Medium priority
Not affected

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.

2 affected packages

libpng, libpng1.6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libpng Not in release
libpng1.6 Not affected
Show less packages

CVE-2018-14048

Low priority

Some fixes available 2 of 7

An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.

2 affected packages

libpng1.6, libpng

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libpng1.6 Not affected Not affected Not affected Vulnerable
libpng Not in release Not in release Not in release Not in release
Show less packages

CVE-2018-13785

Medium priority
Fixed

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

2 affected packages

libpng, libpng1.6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libpng Not in release
libpng1.6 Fixed
Show less packages

CVE-2017-12652

Low priority

Some fixes available 2 of 7

libpng before 1.6.32 does not properly check the length of chunks against the user limit.

5 affected packages

chromium-browser, firefox, libpng, libpng1.6, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
chromium-browser Not affected Not affected Not in release Not affected
firefox Not affected Not affected Not in release Not affected
libpng Not in release Not in release Not in release Not in release
libpng1.6 Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not in release Not affected
Show less packages

CVE-2016-10087

Low priority

Some fixes available 2 of 5

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors...

5 affected packages

firefox, libpng, thunderbird, chromium-browser, libpng1.6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release Not affected
libpng Not in release Not in release Not in release Not in release
thunderbird Not affected Not affected Not in release Not affected
chromium-browser Not affected Not affected Not in release Not affected
libpng1.6 Not affected Not affected Not affected Not affected
Show less packages