CVE-2018-14550

Опубликовано: 10 июл. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.

Ссылки

https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token
Exploit
Patch
Third Party Advisory
https://github.com/glennrp/libpng/issues/246
Exploit
Patch
Third Party Advisory
https://security.gentoo.org/glsa/201908-02
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221028-0001/
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch
Third Party Advisory
https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token
Exploit
Patch
Third Party Advisory
https://github.com/glennrp/libpng/issues/246
Exploit
Patch
Third Party Advisory
https://security.gentoo.org/glsa/201908-02
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221028-0001/
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libpng:libpng:1.6.35:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*

Версия до 8.0.23 (включая)

Конфигурация 3

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01778

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2018-14550

CVSS3: 8.8

ubuntu

больше 6 лет назад

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.

CVE-2018-14550

CVSS3: 7

redhat

больше 7 лет назад

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.

CVE-2018-14550

CVSS3: 8.8

debian

больше 6 лет назад

An issue has been found in third-party PNM decoding associated with li ...

GHSA-qwwr-qc2p-6283

CVSS3: 8.8

github

почти 5 лет назад

Out-of-bounds write in libpng

BDU:2023-07609

CVSS3: 8.8

fstec

больше 7 лет назад

Уязвимость функции get_token компонента pnm2png.c библиотеки для работы с растровой графикой в формате PNG Libpng, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 82%

0.01778

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787