11/13/2023

Integer overflow in libpng

My game is subject to be suspended from Facebook APIs due to security vulnerability for using outdated version of libpng. This game is out for years, and depends heavily on Facebook social features. So seems libpng 1.256 is used at lib/x86/libcorona.so, and it should be updated to version 1.6.20:

The application is using an outdated component with publicly known vulnerabilities. Exploitation of this issue varies from easily accessible off the shelf exploit to requiring custom exploit.

Dependency libpng: libpng is the official Portable Network Graphics (PNG) reference library (originally called pnglib). It is a platform-independent library that contains C functions for handling PNG images. It supports almost all of PNG’s features, is extensible, and has been widely used and tested for over 23 years. libpng is dependent on zlib for data compression and decompression routines. libpng is released under the libpng license, a permissive free software licence, and is free software. It is frequently used in both free and proprietary software, either directly or through the use of a higher level image library. As of 2017 the latest versions in the 1.6.x and 1.5.x branches were considered as release versions, while 1.4.x, 1.2.x, and 1.0.x were considered as legacy versions getting only security fixes. All vulnerability warnings and crash bugs are published on the main page.

Dependency libpng version 1.2.56 was detected at lib/x86/libcorona.so and suffers from the following vulnerabilities:

CVE-2013-7354: Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.

CVE-2014-9495: Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a “very wide interlaced” PNG image.

CVE-2015-0973: Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

CVE-2016-3751: Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.