CVE-2018-14047

Опубликовано: 13 июл. 2018

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter::readfromfile in pngwriter.cc. NOTE: there is a "Warning: PNGwriter was never designed for reading untrusted files with it. Do NOT use this in sensitive environments, especially DO NOT read PNGs from unknown sources with it!" statement in the master/README.md file

Ссылки

https://github.com/fouzhe/security/tree/master/pngwriter
Exploit
Third Party Advisory
https://github.com/pngwriter/pngwriter/issues/129
Exploit
Third Party Advisory
https://github.com/fouzhe/security/tree/master/pngwriter
Exploit
Third Party Advisory
https://github.com/pngwriter/pngwriter/issues/129
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pngwriter_project:pngwriter:0.7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00165

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2018-14047

CVSS3: 5.5

debian

больше 7 лет назад

An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter: ...

GHSA-7vfh-4qhw-544r

CVSS3: 5.5

github

больше 3 лет назад

** DISPUTED ** An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter::readfromfile in pngwriter.cc. NOTE: there is a "Warning: PNGwriter was never designed for reading untrusted files with it. Do NOT use this in sensitive environments, especially DO NOT read PNGs from unknown sources with it!" statement in the master/README.md file.

EPSS

Процентиль: 38%

0.00165

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-119