The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-343-1 | libpng security update |
![]() |
DLA-375-1 | libpng security update |
![]() |
EUVD-2012-3394 | The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image. |
![]() |
USN-2815-1 | libpng vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sun, 13 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T20:05:12.386Z
Reserved: 2012-06-14T00:00:00
Link: CVE-2012-3425

No data.

Status : Deferred
Published: 2012-08-13T20:55:09.207
Modified: 2025-04-11T00:51:21.963
Link: CVE-2012-3425


No data.