Debian Libpng1.6 vulnerabilities
28 known vulnerabilities affecting debian/libpng1.6.
Total CVEs: 28
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 11, MEDIUM 9, LOW 7
Vulnerabilities
Page 2 of 2
CVE-2017-12652 [CRITICAL] CVSS 9.8, fixed in libpng1.6 1.6.32-1 (bookworm), 2017
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
Scope: local
bookworm: resolved (fixed in 1.6.32-1)
bullseye: resolved (fixed in 1.6.32-1)
forky: resolved (fixed in 1.6.32-1)
sid: resolved (fixed in 1.6.32-1)
trixie: resolved (fixed in 1.6.32-1)
CVE-2016-10087 [HIGH] CVSS 7.5, fixed in libpng1.6 1.6.27-1 (bookworm), 2016
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
Scope: local
book
CVE-2015-8472 [HIGH] CVSS 7.5, fixed in libpng1.6 1.6.20-1 (bookworm), 2015
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
CVE-2015-0973 [HIGH] CVSS 8.8, fixed in libpng1.6 1.6.16-1 (bookworm), 2015
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
Scope: local
bookworm: resolved (fixed in 1.6.16-1)
bullseye: resolved (fixed in 1.6.16-1)
forky: resolved (fixed
CVE-2014-9495 [HIGH] CVSS 8.8, fixed in libpng1.6 1.6.16-1 (bookworm), 2014
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
Scope: local
bookworm: resolved (fixed in 1.6.16-1)
bullseye: resolved (fixed in 1.6.16-1)
forky: resolved (fixed in 1.6.1
CVE-2014-0333 [MEDIUM] CVSS 5.0, fixed in libpng1.6 1.6.10-1 (bookworm), 2014
The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.
Scope: local
bookworm: resolved (fixed in 1.6.10-1)
bullseye: resolved (fixed in 1.6.10-1)
forky: resolved (fixed in 1.6.10-1)
sid:
CVE-2013-7354 [MEDIUM] CVSS 6.5, fixed in libpng1.6 1.6.10-1 (bookworm), 2013
Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 1.6.10-1)
bullseye: resolved (fixed in 1.6.10-1)
forky: resolved (fixed in 1.6.10-1)
sid
CVE-2013-7353 [MEDIUM] CVSS 6.5, fixed in libpng1.6 1.6.10-1 (bookworm), 2013
Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 1.6.10-1)
bullseye: resolved (fixed in 1.6.10-1)
forky: re