Skip to main content

Libpng CVE-2019-6129

MEDIUM
Memory Leak (CWE-401)
2019-01-11 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 11, 2019 - 05:29 cve.org
MEDIUM 6.5

DescriptionCVE.org

png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.

AnalysisAI

png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Memory Leak (CWE-401), which allows attackers to exhaust available memory leading to denial of service. png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer. Affected products include: Libpng.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Ensure all allocated memory is properly freed. Use RAII patterns or garbage-collected languages.

More in Libpng

View all
CVE-2015-0973 HIGH POC
8.8 Jan 18

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows

CVE-2026-25646 HIGH POC
8.3 Feb 10

Denial of service (with limited memory disclosure) in libpng before 1.6.55 lets an attacker supply a specially crafted b

CVE-2015-8540 HIGH
8.8 Apr 14

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.

CVE-2013-6954 MEDIUM POC
6.5 Jan 12

The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL poi

CVE-2025-66293 HIGH POC
7.1 Dec 03

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics)

CVE-2025-65018 HIGH POC
7.1 Nov 25

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics)

CVE-2025-64720 HIGH POC
7.1 Nov 25

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics)

CVE-2018-14048 MEDIUM POC
6.5 Jul 13

An issue has been found in libpng 1.6.34. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable,

CVE-2026-22695 MEDIUM POC
6.1 Jan 12

Libpng versions 1.6.51-1.6.53 contain a heap buffer over-read in the simplified API function png_image_finish_read when

CVE-2025-28164 MEDIUM POC
5.5 Jan 27

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_creat

CVE-2025-28162 MEDIUM POC
5.5 Jan 27

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngim

CVE-2014-9495 HIGH
8.8 Jan 10

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running

Share

CVE-2019-6129 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy