Libpng before 1.6.32 does not properly check the length of chunks against the user limit. In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.Īn issue has been found in libpng 1.6.34. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng error concerning the IHDR image width.Īn issue has been found in third-party PNM decoding associated with libpng 1.6.35.
OPENCV INTERLACING IMAGE FREE
Attackers can trigger a heap-based buffer over-read in libpng via a crafted flif file.Īn issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Because this is associated with an erroneous call to png_write_row in libpng, an out-of-bounds write might occur for some memory layouts.Īn issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. There is a heap-based buffer over-read in the function writePNG in the file util/dbl2png.c of the dbl2png command-line program. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."Īn issue was discovered in libming 0.4.8. ** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. Png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. Product: AndroidVersions: Android-10Android ID: A-110986616 User interaction is not required for exploitation.
This could lead to local escalation of privilege with no additional execution privileges required. In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. A heap overflow flaw was found in libpngs' pngimage.c program.
0 kommentar(er)
