CVE-2018-14048: Out-of-bounds Read in Libpng

CWE-125: Out-of-bounds Read | 17 documents | 8 sources
Severity: 6.5 MEDIUM (NVD)
EPSS: 0.8% (top 25.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 13
Latest update: May 24

Description

An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

NVD | libpng/libpng | 1.6.34
NVD | oracle/jdk | 4 versions | +3
NVD | oracle/jre | 4 versions | +3

Vulnerability Details (4)

OSV | libpng vulnerabilities | 2022-05-23
GHSA | GHSA-64xj-5wfx-5pjg: An issue has been found in libpng 1 | 2022-05-13
OSV | CVE-2018-14048: An issue has been found in libpng 1 | 2018-07-13
CVEList | CVE-2018-14048: An issue has been found in libpng 1 | 2018-07-13

Vendor Advisories (4)

Ubuntu | libpng vulnerabilities | 2022-05-24
Ubuntu | libpng vulnerabilities | 2022-05-23
Red Hat | libpng: Segmentation fault in png.c:png_free_data function causing denial of service | 2018-07-12
Debian | CVE-2018-14048: libpng1.6 - An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_... | 2018

Community (8)

Bugzilla | CVE-2018-14048 libpng12: libpng: Segmentation fault in png.c:png_free_data function causing denial of service [fedora-all] | 2018-07-24
Bugzilla | CVE-2018-14048 libpng: Segmentation fault in png.c:png_free_data function causing denial of service | 2018-07-24
Bugzilla | CVE-2018-14048 mingw-libpng: libpng: Segmentation fault in png.c:png_free_data function causing denial of service [epel-7] | 2018-07-24
Bugzilla | CVE-2018-14048 libpng10: libpng: Segmentation fault in png.c:png_free_data function causing denial of service [fedora-all] | 2018-07-24
Bugzilla | CVE-2018-14048 libpng10: libpng: Segmentation fault in png.c:png_free_data function causing denial of service [epel-6] | 2018-07-24