Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Libpng | Libpng | * | 1.5.13 |
Libpng | Libpng | 1.5.9 | 1.5.9 |
Libpng | Libpng | 1.5.8 | 1.5.8 |
Libpng | Libpng | 1.5.7 | 1.5.7 |
Libpng | Libpng | 1.5.1 | 1.5.1 |
Libpng | Libpng | 1.5.6 | 1.5.6 |
Libpng | Libpng | 1.5.3 | 1.5.3 |
Libpng | Libpng | 1.5.12 | 1.5.12 |
Libpng | Libpng | 1.5.11 | 1.5.11 |
Libpng | Libpng | 1.5.4 | 1.5.4 |
Libpng | Libpng | 1.5.5 | 1.5.5 |
Libpng | Libpng | 1.5.10 | 1.5.10 |
Libpng | Libpng | 1.5.0 | 1.5.0 |
Libpng | Libpng | 1.5.13 | 1.5.13 |
Libpng | Libpng | 1.5.2 | 1.5.2 |