Integer overflow

2014-05-0614:55:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

78.8%

JSON

Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.

CPENameOperatorVersion
libpngle1.5.13
libpngeq1.5.9 beta
libpngeq1.5.8
libpngeq1.5.7
libpngeq1.5.1
libpngeq1.5.6 beta
libpngeq1.5.3 beta
libpngeq1.5.9
libpngeq1.5.12
libpngeq1.5.11 beta

Name	Operator	Version
libpng	le	1.5.13
libpng	eq	1.5.9 beta
libpng	eq	1.5.8
libpng	eq	1.5.7
libpng	eq	1.5.1
libpng	eq	1.5.6 beta
libpng	eq	1.5.3 beta
libpng	eq	1.5.9
libpng	eq	1.5.12
libpng	eq	1.5.11 beta