Information on source package libpng1.6

Available versions

ReleaseVersion
stretch (security)1.6.28-1+deb9u1
buster1.6.36-6
bullseye1.6.37-1
sid1.6.37-1

Open issues

BugstretchbusterbullseyesidDescription
CVE-2019-17371vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerablelibpng 1.6.37 has memory leaks in png_malloc_warn and png_create_info_ ...
CVE-2017-12652vulnerable (no DSA, ignored)fixedfixedfixedlibpng before 1.6.32 does not properly check the length of chunks agai ...

Open unimportant issues

BugstretchbusterbullseyesidDescription
CVE-2019-6129vulnerablevulnerablevulnerablevulnerable** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a ...
CVE-2018-14550vulnerablevulnerablefixedfixedAn issue has been found in third-party PNM decoding associated with li ...
CVE-2018-14048vulnerablevulnerablefixedfixedAn issue has been found in libpng 1.6.34. It is a SEGV in the function ...

Resolved issues

BugDescription
CVE-2019-7317png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ...
CVE-2018-13785In libpng 1.6.34, a wrong calculation of row_factor in the png_check_c ...
CVE-2016-10087The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before ...
CVE-2015-8472Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, ...
CVE-2015-0973Buffer overflow in the png_read_IDAT_data function in pngrutil.c in li ...
CVE-2014-9495Heap-based buffer overflow in the png_combine_row function in libpng b ...
CVE-2014-0333The png_push_read_chunk function in pngpread.c in the progressive deco ...
CVE-2013-7354Multiple integer overflows in libpng before 1.5.14rc03 allow remote at ...
CVE-2013-7353Integer overflow in the png_set_unknown_chunks function in libpng/pngs ...

Security announcements

DSA / DLADescription
DSA-4435-1libpng1.6 - security update

Search for package or bug name: Reporting problems