Every CVE whose affected-product data names Greg Roelofs Libpng, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2004-0597 — CVSS 10.0 (critical): Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via…
CVE-2002-1363 — CVSS 7.5 (high): Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to…
CVE-2002-0660 — CVSS 7.5 (high): Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow…
CVE-2006-3334 — CVSS 7.5 (high): Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a…
CVE-2004-0599 — CVSS 5.0 (medium): Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display…
CVE-2002-0728 — CVSS 5.0 (medium): Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of…
CVE-2004-0598 — CVSS 5.0 (medium): The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a…
CVE-2006-0481 — CVSS 5.0 (medium): Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service…
CVE-2006-5793 — CVSS 2.6 (low): The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data…
CVE-2011-3328 — CVSS 2.6 (low): The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a…