CVE-2006-3334 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Roelofs Libpng

5 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.8%

top 17.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Greg Roelofs Libpng

Timeline

PublishedJun 30

Latest updateMay 1

Description

Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name".

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDgreg_roelofs/libpng1.2.11+12

🔴Vulnerability Details

GHSA

GHSA-852r-9m3w-pq97: Buffer overflow in the png_decompress_chunk function in pngrutil↗2022-05-01

▶

CVEList

CVE-2006-3334: Buffer overflow in the png_decompress_chunk function in pngrutil↗2006-06-30

▶

💥Exploits & PoCs

Exploit-DB

eStara SoftPhone 3.0.1 SIP Packet - Multiple Malformed Field Denial of Service Vulnerabilities↗2006-02-14

▶

📋Vendor Advisories

Red Hat

CVE-2006-3334: Buffer overflow in the png_decompress_chunk function in pngrutil↗

▶