A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing the application to crash and leading to a denial of service.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
---|---|---|---|---|---|
debian/libpng1.6 | deb | debian | 12 | >=1.6.39-2 | Not yet available |
debian/libpng1.6 | deb | debian | unstable | >=1.6.43-5 | Not yet available |
debian/libpng1.6 | deb | debian | 10 | >=1.6.36-6 | Not yet available |
debian/libpng1.6 | deb | debian | 13 | >=1.6.43-5 | Not yet available |
debian/libpng1.6 | deb | debian | 11 | >=1.6.37-3 | Not yet available |
Severity and metrics
No CVSS data available from this source.
1.8