CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
73.2%
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before
2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a
PNG image, which allows remote attackers to cause a denial of service
(out-of-bounds array access) or possibly have unspecified other impact via
a crafted image with two or more of these chunks.
Author | Note |
---|---|
mdeslaur | as of 2016-03-11, no equivalent fix in libav |