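| Metric | Value |
|---|---|
| CVSS2 score | 4.3 Medium |
| Attack Vector | NETWORK |
| Attack Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | PARTIAL |
| CVSS2 vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| EPSS | 0.015 Low |
| EPSS percentile | 86.9% |
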
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical
instead of bitwise operations and (2) incorrect comparisons, which might
allow remote attackers to cause a denial of service (crash) via a crafted
PNG image.

| Author | Note |
|---|---|
| jdstrand | Given medium because of wide install base. Bug (1) is said to have been introduced in 1.2.19. Looking at pngrtran.c in 1.2.8 and 1.2.15 (as included in Ubuntu), the vulnerable code is not present. Bug (2) still applies to 1.2.15, but not 1.2.8. Reducing to negligible as pngset.c change should not do anything. |