5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.014 Low
EPSS
Percentile
85.0%
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.
Steve Grubb discovered a out of bounds memory access flaw in libpng. An
attacker could carefully craft a PNG file in such a way that it would cause
an application linked to libpng to crash when opened by a victim. This
issue may not be used to execute arbitrary code.
Users are advised to upgrade to these updated packages that contain a
backported security fix not vulnerable to this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | ia64 | libpng-devel | < 1.0.14-0.7x.5 | libpng-devel-1.0.14-0.7x.5.ia64.rpm |
RedHat | any | ppc | libpng10-devel | < 1.0.13-12 | libpng10-devel-1.0.13-12.ppc.rpm |
RedHat | any | ppc | libpng10 | < 1.0.13-12 | libpng10-1.0.13-12.ppc.rpm |
RedHat | any | s390 | libpng10-devel | < 1.0.13-12 | libpng10-devel-1.0.13-12.s390.rpm |
RedHat | any | i386 | libpng10-devel | < 1.0.13-12 | libpng10-devel-1.0.13-12.i386.rpm |
RedHat | any | ia64 | libpng | < 1.0.14-0.7x.5 | libpng-1.0.14-0.7x.5.ia64.rpm |
RedHat | any | ia64 | libpng10 | < 1.0.13-12 | libpng10-1.0.13-12.ia64.rpm |
RedHat | any | i386 | libpng-devel | < 1.2.2-21 | libpng-devel-1.2.2-21.i386.rpm |
RedHat | any | ppc | libpng-devel | < 1.2.2-21 | libpng-devel-1.2.2-21.ppc.rpm |
RedHat | any | ia64 | libpng10-devel | < 1.0.13-12 | libpng10-devel-1.0.13-12.ia64.rpm |