CyberSec.Space Logo
Back to CVE Browser

CVE-2018-14550

HIGH
8.8
CVSS Severity Score
EPSS Score0.0100%
EPSS Percentile42.73th
PublishedJul 10, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.

Affected Platforms (CPE)

πŸ“¦
Libpng

Libpng

= 1.6.35
πŸ“¦
Oracle

Hyperion Infrastructure Technology

= 11.1.2.6.0
πŸ“¦
Oracle

Mysql Workbench

<= 8.0.23
πŸ“¦
Netapp

Active Iq Unified Manager

All versions
πŸ“¦
Netapp

Oncommand Api Services

All versions

References & Advisories

πŸ”— https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token
πŸ”— https://github.com/glennrp/libpng/issues/246
πŸ”— https://security.gentoo.org/glsa/201908-02
πŸ”— https://security.netapp.com/advisory/ntap-20221028-0001/
πŸ”— https://www.oracle.com/security-alerts/cpuApr2021.html
πŸ”— https://www.oracle.com/security-alerts/cpuoct2021.html
πŸ”— https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token
πŸ”— https://github.com/glennrp/libpng/issues/246

Related Vulnerabilities

CVE-2004-059710.0

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary c...

CVE-2010-12059.8

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow rem...

CVE-2017-126529.8

libpng before 1.6.32 does not properly check the length of chunks against the user limit.

CVE-2016-104249.8

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon ...