QwikSec

Security Database

CVE

CWE

Training

CVE-2015-0973

Published: Jan 18, 2015

Modified: Jun 9, 2025

PUBLISHED

Description

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

APPLE-SA-2016-03-21-5

vendor-advisory

https://support.apple.com/HT206167

[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available

mailing-list

[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow

mailing-list

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow

mailing-list

third-party-advisory

http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt

https://security.netapp.com/advisory/ntap-20240719-0005/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.