Описание
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.
A heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access.
Отчет
This vulnerability is rated Moderate for Red Hat products. It affects applications that process specially crafted PNG files using the vulnerable libpng library. Exploitation requires user interaction, where a victim must open or process a malicious PNG image, leading to a heap buffer over-read. This could result in information disclosure or application crash.
java-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat build of OpenJDK 11 ELS | java-11-openjdk | Fix deferred | ||
| Red Hat build of OpenJDK 11 ELS | java-11-openjdk-portable | Fix deferred | ||
| Red Hat build of OpenJDK 11 ELS | java-21-openjdk-portable | Fix deferred | ||
| Red Hat build of OpenJDK 17 | java-17-openjdk-portable | Fix deferred | ||
| Red Hat build of OpenJDK 17 | java-21-openjdk-portable | Fix deferred | ||
| Red Hat build of OpenJDK 1.8 | java-1.8.0-openjdk-portable | Fix deferred | ||
| Red Hat build of OpenJDK 21 | java-21-openjdk-portable | Fix deferred | ||
| Red Hat build of OpenJDK 21 | java-21-openjdk-portable-rhel7 | Fix deferred | ||
| Red Hat Enterprise Linux 10 | firefox | Fix deferred | ||
| Red Hat Enterprise Linux 10 | java-21-openjdk | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
4.4 Medium
CVSS3
Связанные уязвимости
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.
LIBPNG is vulnerable to a heap buffer overflow in `png_do_quantize` via malformed palette index
LIBPNG is a reference library for use in applications that read, creat ...
EPSS
4.4 Medium
CVSS3