Vulnerability CVE-2017-12652


Published: 2019-07-10

Description:
libpng before 1.6.32 does not properly check the length of chunks against the user limit.

Type: CWE-20 (Improper Input Validation)

Vendor: Libpng
Product: Libpng 
Version:
1.6.9
1.6.8
1.6.7
1.6.6
1.6.5
1.6.4
1.6.31-46
1.6.31
1.6.30-45
1.6.30
1.6.3
1.6.29-43
1.6.29-42
1.6.29-40
1.6.29
1.6.28-39
1.6.28-38
1.6.28
1.6.27-37
1.6.27
1.6.26-35
1.6.26-34
1.6.26-32
1.6.26-30
1.6.26-29
1.6.26
1.6.25-28
1.6.25-27
1.6.25-23
1.6.25
1.6.24-22
1.6.24
1.6.23-21
1.6.23
1.6.22-20
1.6.22
1.6.21-19
1.6.21-18
1.6.21-17
1.6.21
1.6.20-16
1.6.20-15
1.6.20
1.6.2
1.6.19-14
1.6.19-13
1.6.19
1.6.18-12
1.6.18
1.6.17
1.6.16
1.6.15
1.6.14
1.6.13
1.6.12
1.6.11
1.6.10
1.6.1
1.6.0
1.5.9
1.5.8
1.5.7
1.5.6
1.5.5
1.5.4
1.5.30
1.5.3
1.5.29
1.5.28
1.5.27
1.5.26
1.5.25
1.5.24
1.5.23
1.5.22
1.5.21
1.5.20
1.5.2
1.5.19
1.5.18
1.5.17
1.5.16
1.5.15
1.5.14
1.5.13
1.5.12
1.5.11
1.5.10
1.5.1
1.5.0
1.4.9
1.4.8
1.4.7
1.4.6
1.4.5
1.4.4
1.4.3
1.4.22
1.4.21
1.4.20
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://www.securityfocus.com/bid/109269
https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE
https://support.f5.com/csp/article/K88124225

Related CVE
CVE-2019-17371
libpng 1.6.37 has memory leaks in png_malloc_warn and png_create_info_struct.
CVE-2018-14550
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.
CVE-2019-7317
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2019-6129
** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."
CVE-2018-14048
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
CVE-2018-13785
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
CVE-2016-10087
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text c...
CVE-2016-3751
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Sig...

Copyright 2019, cxsecurity.com
