CVE-2016-5735

Опубликовано: 23 мая 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow.

Ссылки

http://sf.snu.ac.kr/gil.hur/publications/shovel.pdf
Exploit
Technical Description
Third Party Advisory
https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00028.html
http://sf.snu.ac.kr/gil.hur/publications/shovel.pdf
Exploit
Technical Description
Third Party Advisory
https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00028.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pngquant:pngquant:2.7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00406

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2016-5735

CVSS3: 7.8

ubuntu

около 8 лет назад

Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow.

CVE-2016-5735

CVSS3: 7.8

debian

около 8 лет назад

Integer overflow in the rwpng_read_image24_libpng function in rwpng.c ...

GHSA-2326-85qm-8gr9

CVSS3: 7.8

github

около 3 лет назад

Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow.

EPSS

Процентиль: 60%

0.00406

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190