Lucene search

GoogleOSV:CVE-2021-4214

HistoryAug 24, 2022 - 4:15 p.m.

CVE-2021-4214

2022-08-2416:15:10

Google

osv.dev

cve-2021-4214

heap overflow

libpngs

pngimage

denial of service

local network access

png file

application crash

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

19.9%

JSON

A heap overflow flaw was found in libpngs’ pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.

References

access.redhat.com/security/cve/CVE-2021-4214

bugzilla.redhat.com/show_bug.cgi?id=2043393

github.com/glennrp/libpng/issues/302

security-tracker.debian.org/tracker/CVE-2021-4214

security.netapp.com/advisory/ntap-20221020-0001/

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

19.9%

JSON

Related for OSV:CVE-2021-4214