ALT-PU-2018-2728-1
Closed vulnerabilities
Published: 2017-10-06
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-2158
Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file.
Severity: HIGH (7.8)
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- [oss-security] 20150228 Re: CVE request: pngcrush 1.7.83 crash bug (most likely exploitable)
- [oss-security] 20150228 Re: CVE request: pngcrush 1.7.83 crash bug (most likely exploitable)
- 72830
- 72830
- https://bugzilla.redhat.com/show_bug.cgi?id=1198171
- https://bugzilla.redhat.com/show_bug.cgi?id=1198171
- https://sourceforge.net/p/pmt/news/2015/02/pngcrush-1784-released/
- https://sourceforge.net/p/pmt/news/2015/02/pngcrush-1784-released/
Published: 2017-09-01
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-7700
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References: