CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Percentile: 19.9%

A heap overflow flaw was found in libpng's pngimage.c program. This flaw
allows an attacker with local network access to pass a specially crafted
PNG file to the pngimage utility, causing an application to crash, leading
to a denial of service.

Author | Note |
---|---|
mdeslaur | The pngimage utility is only used during build to test well-known inputs. It is not shipped in the resulting binary packages, so while the vulnerable code exists in the libpng1.6 source package it is not used in an insecure way and is not present on end-user systems. Marking as not-affected. Code is not compiled at all in firefox. |