CVE-2021-4214

2022-08-2416:15:10

Debian Security Bug Tracker

security-tracker.debian.org

heap overflow

libpngs

pngimage

denial of service

unix

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.9%

JSON

A heap overflow flaw was found in libpngs’ pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.

OSVersionArchitecturePackageVersionFilename
Debian12alllibpng1.6<= 1.6.39-2libpng1.6_1.6.39-2_all.deb
Debian11alllibpng1.6<= 1.6.37-3libpng1.6_1.6.37-3_all.deb
Debian999alllibpng1.6<= 1.6.44-2libpng1.6_1.6.44-2_all.deb
Debian13alllibpng1.6<= 1.6.44-1libpng1.6_1.6.44-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libpng1.6	<= 1.6.39-2	libpng1.6_1.6.39-2_all.deb
Debian	11	all	libpng1.6	<= 1.6.37-3	libpng1.6_1.6.37-3_all.deb
Debian	999	all	libpng1.6	<= 1.6.44-2	libpng1.6_1.6.44-2_all.deb
Debian	13	all	libpng1.6	<= 1.6.44-1	libpng1.6_1.6.44-1_all.deb