5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.006 Low
EPSS
Percentile
79.2%
Multiple integer overflows in libpng before 1.5.14rc03 allow remote
attackers to cause a denial of service (crash) via a crafted image to the
(1) png_set_sPLT or (2) png_set_text_2 function, which triggers a
heap-based buffer overflow.
Author | Note |
---|---|
mdeslaur | only affects 1.5 and higher as per http://sourceforge.net/p/png-mng/mailman/message/32215052/ |