The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

The product reads data past the end, or before the beginning, of the intended buffer.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Libpng | Libpng | 1.0.0 (including) | 1.0.0 (including) |
Libpng | Libpng | 1.0.5 (including) | 1.0.5 (including) |
Libpng | Libpng | 1.0.6 (including) | 1.0.6 (including) |
Libpng | Libpng | 1.0.7 (including) | 1.0.7 (including) |
Libpng | Libpng | 1.0.8 (including) | 1.0.8 (including) |
Libpng | Libpng | 1.0.9 (including) | 1.0.9 (including) |
Libpng | Libpng | 1.0.10 (including) | 1.0.10 (including) |
Libpng | Libpng | 1.0.11 (including) | 1.0.11 (including) |
Libpng | Libpng | 1.0.12 (including) | 1.0.12 (including) |
Libpng | Libpng | 1.0.13 (including) | 1.0.13 (including) |
Libpng | Libpng | 1.0.14 (including) | 1.0.14 (including) |
Libpng | Libpng | 1.2.0 (including) | 1.2.0 (including) |
Libpng | Libpng | 1.2.1 (including) | 1.2.1 (including) |
Libpng | Libpng | 1.2.2 (including) | 1.2.2 (including) |
Libpng | Libpng | 1.2.3 (including) | 1.2.3 (including) |
Libpng | Libpng | 1.2.4 (including) | 1.2.4 (including) |
Libpng | Libpng | 1.2.5 (including) | 1.2.5 (including) |
Openpkg | Openpkg | 1.3 (including) | 1.3 (including) |
Openpkg | Openpkg | 2.0 (including) | 2.0 (including) |
Libpng | Redhat | 1.2.2-16 (including) | 1.2.2-16 (including) |
Libpng | Redhat | 1.2.2-20 (including) | 1.2.2-20 (including) |
Red Hat Enterprise Linux 3 | RedHat | libpng-2:1.2.2-21 | * |
Red Hat Enterprise Linux 3 | RedHat | libpng10-0:1.0.13-12 | * |
Red Hat Linux 9 | RedHat | * | |
Libpng | Ubuntu | dapper | * |
Libpng | Ubuntu | devel | * |
Libpng | Ubuntu | edgy | * |
Libpng | Ubuntu | feisty | * |
Libpng3 | Ubuntu | dapper | * |
Libpng3 | Ubuntu | edgy | * |