CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
89.3%
libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several programs, including web browsers and potentially server processes.
Two vulnerabilities have been discovered in libpng:
A context-dependent attacker could entice a user to open a specially crafted PNG file using an application linked against libpng, possibly resulting in execution of arbitrary code.
There is no known workaround at this time.
All libpng 1.6 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.6.16"
All libpng 1.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.21"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | media-libs/libpng | < 1.6.16 | UNKNOWN |