CVE-2018-14550

CWE-787 — Out-of-bounds Write CWE-121 — Stack-based Buffer Overflow15 documents7 sources

Severity

8.8HIGH

EPSS

1.8%

top 17.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Mysql Workbench Libpng Libpng Oracle Hyperion Infrastructure Technology

Timeline

PublishedJul 10

Latest updateMar 22

Description

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶NuGetlibpng< 1.6.37

▶Debianlibpng1.6< 1.6.37-1+3

▶NVDlibpng/libpng1.6.35

▶NVDoracle/mysql_workbench8.0.23

▶NVDoracle/hyperion_infrastructure_technology11.1.2.6.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

Out-of-bounds write in libpng↗2021-03-22

▶

GHSA

Out-of-bounds write in libpng↗2021-03-22

▶

CVEList

CVE-2018-14550: An issue has been found in third-party PNM decoding associated with libpng 1↗2019-07-10

▶

OSV

CVE-2018-14550: An issue has been found in third-party PNM decoding associated with libpng 1↗2019-07-10

▶

📋Vendor Advisories

Red Hat

libpng: Stack-based buffer overflow in contrib/pngminus/pnm2png.c:get_token() potentially leading to arbitrary code execution↗2018-07-21

▶

Debian

CVE-2018-14550: libpng1.6 - An issue has been found in third-party PNM decoding associated with libpng 1.6.3...↗2018

▶

💬Community

Bugzilla

CVE-2018-14550 libpng10: libpng: Stack-based buffer overflow in contrib/pngminus/pnm2png.c:get_token() potentially leading to arbitrary code execution [epel-6]↗2018-07-26

▶

Bugzilla

CVE-2018-14550 libpng15: libpng: Stack-based buffer overflow in contrib/pngminus/pnm2png.c:get_token() potentially leading to arbitrary code execution [fedora-all]↗2018-07-26

▶

Bugzilla

CVE-2018-14550 libpng: Stack-based buffer overflow in contrib/pngminus/pnm2png.c:get_token() potentially leading to arbitrary code execution↗2018-07-26

▶

Bugzilla

CVE-2018-14550 libpng12: libpng: Stack-based buffer overflow in contrib/pngminus/pnm2png.c:get_token() potentially leading to arbitrary code execution [fedora-all]↗2018-07-26

▶

Bugzilla

CVE-2018-14550 mingw-libpng: libpng: Stack-based buffer overflow in contrib/pngminus/pnm2png.c:get_token() potentially leading to arbitrary code execution [epel-7]↗2018-07-26

▶