CVE-2002-0728Improper Restriction of Operations within the Bounds of a Memory Buffer in Roelofs Libpng

7 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
0.5%
top 32.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Greg Roelofs Libpng
Timeline
PublishedAug 12
Latest updateMay 3

Description

Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgreg_roelofs/libpng1.0.14, 1.2.4+1

🔴Vulnerability Details

2
GHSA
GHSA-hm75-38g4-x8xm: Buffer overflow in the progressive reader for libpng 12022-05-03
CVEList
CVE-2002-0728: Buffer overflow in the progressive reader for libpng 12002-07-26

📋Vendor Advisories

2
Red Hat
security flaw2002-08-05
Red Hat
security flaw2002-07-08

💬Community

2
Bugzilla
CVE-2002-0728 security flaw2018-08-16
Bugzilla
CVE-2002-0660 security flaw2018-08-16