9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.664 Medium
EPSS
Percentile
98.0%
IBM Netezza Analytics for NPS uses gdal version 1.7.2. IBM Netezza Analytics for NPS has addressed the applicable CVEs.
CVEID:CVE-2011-3045
**DESCRIPTION:**libpng is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the png_inflate() function. By persuading a victim to open a specially-crafted Portable Network Graphics (PNG) image file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/74000 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID:CVE-2013-6629
**DESCRIPTION:**Google Chrome could allow a remote attacker to obtain sensitive information, caused by an error in the get_sos() function within the libjpeg and libjpeg-turbo libraries. An attacker could exploit this vulnerability to read uninitialized memory and obtain sensitive information.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/88783 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID:CVE-2017-15232
**DESCRIPTION:**libjpeg-turbo is vulnerable to a denial of service, caused by a NULL pointer dereference in jdpostct.c and jquant1.c. By persuading a victim to open a specially crafted JPEG file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/133309 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2012-2806
**DESCRIPTION:**libjpeg-turbo is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the get_sos() function. By persuading a victim to open a specially-crafted JPEG image, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/76952 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID:CVE-2013-6630
**DESCRIPTION:**Google Chrome could allow a remote attacker to obtain sensitive information, caused by an error in the get_dht() function within the libjpeg and libjpeg-turbo libraries. An attacker could exploit this vulnerability to read uninitialized memory and obtain sensitive information.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/88784 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID:CVE-2011-3048
**DESCRIPTION:**libpng could allow a remote attacker to execute arbitrary code on the system, caused by an error in the png_set_text_2() function. By persuading a victim to open a specially-crafted Portable Network Graphics (PNG) image file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/74494 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID:CVE-2008-3964
**DESCRIPTION:**libpng is vulnerable to a denial of service, caused by an off-by-one error in the png_push_read_zTXt() function. By persuading a victim to view a PNG image containing specially-crafted zTXt chunks, an attacker could cause the affected application to crash.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/44928 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVEID:CVE-2011-2501
**DESCRIPTION:**libpng is vulnerable to a denial of service, caused by an off-by-one error in pngerror.c. By persuading a victim to view a specially-crafted PNG image file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/68517 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVEID:CVE-2015-7981
**DESCRIPTION:**libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/107740 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2011-2691
**DESCRIPTION:**libpng is vulnerable to a denial of service, caused by a NULL pointer dereference error in the png_default_error() function. By sending a specially-crafted string, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/68537 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID:CVE-2017-12652
**DESCRIPTION:**An unspecified error with improper validation of length of chunks against the user limit in libpng has an unknown impact and attack vector.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163589 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2010-1205
**DESCRIPTION:**libpng is vulnerable to a buffer overflow, caused by improper bounds checking by progressive applications when handling image row data. By sending an extra image row data beyond the reported height in the header, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/59815 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID:CVE-2015-8472
**DESCRIPTION:**libpng is vulnerable to a buffer overflow, caused by improper bounds checking by the png_get_PLTE() and png_set_PLTE() functions. By persuading a victim to open a specially crafted PNG image, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/109392 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID:CVE-2011-2692
**DESCRIPTION:**libpng is vulnerable to a denial of service, caused by an error when processing invalid sCAL chunks. By persuading a victim to view a specially-crafted PNG image file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/68536 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVEID:CVE-2015-8540
**DESCRIPTION:**libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/109219 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2016-10087
**DESCRIPTION:**libpng is vulnerable to a denial of service, caused by a NULL pointer dereference in the png_set_text_2 function. By loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/124207 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2015-8126
**DESCRIPTION:**libpng is vulnerable to a buffer overflow, caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions. By persuading a victim to open a specially-crafted PNG file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/108010 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2012-3425
**DESCRIPTION:**libpng is vulnerable to a denial of service, caused by an out-of-bounds read. A remote attacker could exploit this vulnerability to crash the vulnerable library.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/77165 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID:CVE-2018-17000
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a NULL pointer dereference in the _TIFFmemcmp function in tif_unix.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/149860 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2018-19210
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/152872 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2019-14973
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by an iInteger overflow in the _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165333 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2017-11613
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a flaw in the TIFFOpen function. By using a specially-crafted file, an attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/129463 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2017-5563
**DESCRIPTION:**LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tif_lzw.c. By persuading a victim to open a specially-crafted bmp image file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/121605 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2018-15209
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in the ChopUpSingleUncompressedStrip in tif_dirread.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148105 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2018-16335
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a heap-baesd buffer overflow in the newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/149245 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Netezza Analytics for NPS | All versions upto 11.2.24 |
Product | VRMF | Remediation/First Fix |
---|
IBM Netezza Analytics for NPS
| 11.2.25| Link to Fix Central
Note: IBM Netezza Analytics for NPS addresses above CVEs by removing gdal from IBM Netezza Analytics for NPS.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm netezza analytics | eq | any |
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.664 Medium
EPSS
Percentile
98.0%