CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-14550

HIGH
8.8
CVSS Severity Score
EPSS Score0.0100%
EPSS Percentile42.73th
Published2019年7月10日
Last Modified2024年11月21日

Vulnerability Description

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.

Affected Platforms (CPE)

📦
Libpng

Libpng

= 1.6.35
📦
Oracle

Hyperion Infrastructure Technology

= 11.1.2.6.0
📦
Oracle

Mysql Workbench

<= 8.0.23
📦
Netapp

Active Iq Unified Manager

All versions
📦
Netapp

Oncommand Api Services

All versions

References & Advisories

🔗 https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token
🔗 https://github.com/glennrp/libpng/issues/246
🔗 https://security.gentoo.org/glsa/201908-02
🔗 https://security.netapp.com/advisory/ntap-20221028-0001/
🔗 https://www.oracle.com/security-alerts/cpuApr2021.html
🔗 https://www.oracle.com/security-alerts/cpuoct2021.html
🔗 https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token
🔗 https://github.com/glennrp/libpng/issues/246

相關漏洞威脅

CVE-2004-059710.0

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary c...

CVE-2010-12059.8

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow rem...

CVE-2017-126529.8

libpng before 1.6.32 does not properly check the length of chunks against the user limit.

CVE-2016-104249.8

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon ...