CVE-2017-12652 — Improper Input Validation in Libpng

CWE-20 — Improper Input Validation14 documents11 sources

Severity

9.8CRITICALNVD

EPSS

0.6%

top 29.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libpng

Timeline

PublishedJul 10

Latest updateDec 30

Description

libpng before 1.6.32 does not properly check the length of chunks against the user limit.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDlibpng/libpng< 1.6.32

▶Ubuntulibpng/libpng< 1.2.54-1ubuntu1.1+esm1

🔴Vulnerability Details

OSV

libpng1.6 vulnerabilities↗2022-05-24

▶

GHSA

GHSA-94xg-qm4r-9r7c: libpng before 1↗2022-05-24

▶

OSV

libpng vulnerabilities↗2022-05-23

▶

OSV

CVE-2017-12652: libpng before 1↗2019-07-10

▶

CVEList

CVE-2017-12652: libpng before 1↗2019-07-10

▶

📋Vendor Advisories

CISA ICS

Rockwell Automation PanelView 800↗2023-09-28

▶

Ubuntu

libpng vulnerabilities↗2022-05-24

▶

Ubuntu

libpng vulnerabilities↗2022-05-23

▶

Red Hat

libpng: does not check length of chunks against user limit↗2019-07-10

▶

Microsoft

libpng before 1.6.32 does not properly check the length of chunks against the user limit.↗2019-07-09

▶

📄Research Papers

arXiv

Similar but Patched Code Considered Harmful -- The Impact of Similar but Patched Code on Recurring Vulnerability Detection and How to Remove Them↗2024-12-30

▶

💬Community

Bugzilla

CVE-2017-12652 libpng: does not check length of chunks against user limit↗2019-07-29

▶