exploitDog

CVE-2022-3857

Published: 04 Nov 2022
Source: redhat
CVSS3: 5.5

Description

[REJECTED CVE] An issue has been identified in libpng in the png_setup_paeth_row() function. A crafted PNG image from an attacker can lead to a segmentation fault and denial of service.

Report

This CVE has been rejected upstream, because this flaw does not exist and was erroneously tested. This issue has been marked as a false positive (https://sourceforge.net/p/libpng/bugs/300/).

Red Hat has also evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. As such, this CVE has been marked as "Rejected" in alignment with Red Hat's vulnerability management policies. If you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat build of OpenJDK 11 | java-11-openjdk-portable | Fix deferred | | |
| Red Hat build of OpenJDK 17 | java-11-openjdk-portable | Fix deferred | | |
| Red Hat build of OpenJDK 1.8 | java-11-openjdk-portable | Fix deferred | | |
| Red Hat Enterprise Linux 6 | libpng | Out of support scope | | |
| Red Hat Enterprise Linux 7 | libpng | Out of support scope | | |
| Red Hat Enterprise Linux 7 | libpng12 | Out of support scope | | |
| Red Hat Enterprise Linux 8 | java-11-openjdk | Fix deferred | | |
| Red Hat Enterprise Linux 8 | java-17-openjdk | Fix deferred | | |
| Red Hat Enterprise Linux 8 | java-1.8.0-openjdk | Fix deferred | | |
| Red Hat Enterprise Linux 8 | libpng | Fix deferred | | |

Additional information

Status: Low
Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2142600 libpng: Null pointer dereference leads to segmentation fault

5.5 Medium

CVSS3

Related vulnerabilities

ubuntu
almost 3 years ago

Rejected reason: Maintainer contacted. This is a false-positive. The flaw does not actually exist and was erroneously tested.

nvd
almost 3 years ago

Rejected reason: Maintainer contacted. This is a false-positive. The flaw does not actually exist and was erroneously tested.

msrc
more than 1 year ago

No description available

CVSS3: 5.5
github
almost 3 years ago

A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function.