| Release | Version |
|---|---|
| stretch (security) | 1.6.28-1+deb9u1 |
| buster | 1.6.36-6 |
| bullseye | 1.6.37-1 |
| sid | 1.6.37-1 |
| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2019-17371 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | libpng 1.6.37 has memory leaks in png_malloc_warn and png_create_info_ ... |
| CVE-2017-12652 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | libpng before 1.6.32 does not properly check the length of chunks agai ... |
| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2019-6129 | vulnerable | vulnerable | vulnerable | vulnerable | ** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a ... |
| CVE-2018-14550 | vulnerable | vulnerable | fixed | fixed | An issue has been found in third-party PNM decoding associated with li ... |
| CVE-2018-14048 | vulnerable | vulnerable | fixed | fixed | An issue has been found in libpng 1.6.34. It is a SEGV in the function ... |
| Bug | Description |
|---|---|
| CVE-2019-7317 | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ... |
| CVE-2018-13785 | In libpng 1.6.34, a wrong calculation of row_factor in the png_check_c ... |
| CVE-2016-10087 | The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before ... |
| CVE-2015-8472 | Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, ... |
| CVE-2015-0973 | Buffer overflow in the png_read_IDAT_data function in pngrutil.c in li ... |
| CVE-2014-9495 | Heap-based buffer overflow in the png_combine_row function in libpng b ... |
| CVE-2014-0333 | The png_push_read_chunk function in pngpread.c in the progressive deco ... |
| CVE-2013-7354 | Multiple integer overflows in libpng before 1.5.14rc03 allow remote at ... |
| CVE-2013-7353 | Integer overflow in the png_set_unknown_chunks function in libpng/pngs ... |
| DSA / DLA | Description |
|---|---|
| DSA-4435-1 | libpng1.6 - security update |