The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.
Max CVSS
4.3
EPSS Score
3.93%
Published
2012-08-13
Updated
2018-10-30
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
Max CVSS
5.0
EPSS Score
2.06%
Published
2004-08-18
Updated
2024-02-09
2 vulnerabilities found