ALT Linux Team

Package libpng update in sisyphus on 2014-12-24

ALT-PU-2014-2488-1

Package libpng updated to version 1.5.21-alt1 for branch sisyphus in task 137520.

Closed vulnerabilities

Published: 2014-08-14

BDU:2015-09756

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2015-01-10

BDU:2016-01662

Уязвимость библиотеки libpng, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2015-01-18

BDU:2016-01663

Уязвимость библиотеки libpng, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2014-05-06
Modified: 2025-06-09

CVE-2013-7353

Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2014-05-06
Modified: 2025-06-09

CVE-2013-7354

Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2015-01-10
Modified: 2025-06-09

CVE-2014-9495

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2015-01-18
Modified: 2025-06-09

CVE-2015-0973

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top