CVE-2018-14048
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
58.7%
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| libpng | libpng | 1.6.34 | cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:* |
| oracle | jdk | 1.6.0 | cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:* |
| oracle | jdk | 1.7.0 | cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:* |
| oracle | jdk | 1.8.0 | cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:* |
| oracle | jdk | 11.0.0 | cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:* |
| oracle | jre | 1.6.0 | cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:* |
| oracle | jre | 1.7.0 | cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:* |
| oracle | jre | 1.8.0 | cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:* |
| oracle | jre | 11.0.0 | cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:* |
References
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
58.7%