10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.964 High
EPSS
Percentile
99.4%
These vulnerabilities are described as methods under which an attacker could generate a PNG file that would cause applications that uselibpngto execute arbitrary code. Since an attacker would requireroot access to the BIG-IP or 3-DNS in order to exploit this vulnerability, it is considered to be a minor risk.
F5 Product Development tracked this issue as CR39078, and it was fixed in BIG-IP version 4.5.11 and 4.6.3, in which the version of libpng was upgraded to version 1.2.5.
CPE | Name | Operator | Version |
---|---|---|---|
big-ip / 3-dns | le | 4.6.2 |