5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.208 Low
EPSS
Percentile
96.3%
A Secunia Advisory reports:
Some vulnerabilities have been reported in libpng, which can be
exploited by malicious people to cause a DoS (Denial of
Service).
Certain errors within libpng, including a logical NOT instead of a
bitwise NOT in pngtrtran.c, an error in the 16bit cheap transparency
extension, and an incorrect use of sizeof() may be exploited to
crash an application using the library.
Various out-of-bounds read errors exist within the functions
png_handle_pCAL(), png_handle_sCAL(), png_push_read_tEXt(),
png_handle_iTXt(), and png_handle_ztXt(), which may be exploited by
exploited to crash an application using the library.
The vulnerability is caused due to an off-by-one error within
the ICC profile chunk handling, which potentially can be
exploited to crash an application using the library.