Description
A flaw has been found in pnggroup libpng up to 1.6.55. It affects the function do_pnm2png in the file contrib/pngminus/pnm2png.c of the pnm2png component. Manipulating the width/height arguments causes a heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
A flaw was found in libpng. A local attacker could exploit this vulnerability by manipulating the width/height arguments in the do_pnm2png function of the pnm2png component. This manipulation causes a heap-based buffer overflow, which could lead to information disclosure and denial of service (DoS).
Statement
This MODERATE impact heap-based buffer overflow in the pnm2png utility of libpng requires local execution to exploit. Red Hat products are affected if they process untrusted image data using the pnm2png utility.
Mitigation
To mitigate this vulnerability, avoid processing untrusted image data with the pnm2png utility. Restrict execution of pnm2png to trusted users and ensure that only trusted image files are processed.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat build of OpenJDK 11 ELS | java-11-openjdk | Fix deferred | ||
| Red Hat build of OpenJDK 11 ELS | java-11-openjdk-portable | Fix deferred | ||
| Red Hat build of OpenJDK 17 | java-17-openjdk-portable | Fix deferred | ||
| Red Hat build of OpenJDK 1.8 | java-1.8.0-openjdk-portable | Fix deferred | ||
| Red Hat build of OpenJDK 21 | java-21-openjdk-portable | Fix deferred | ||
| Red Hat build of OpenJDK 25 | java-25-openjdk-portable | Fix deferred | ||
| Red Hat Enterprise Linux 10 | firefox | Under investigation | ||
| Red Hat Enterprise Linux 10 | java-21-openjdk | Under investigation | ||
| Red Hat Enterprise Linux 10 | java-25-openjdk | Under investigation | ||
| Red Hat Enterprise Linux 10 | libpng | Under investigation | ||
Additional information
CVSS3: 5.3 Medium