GHSA-qwwr-qc2p-6283

Source

https://github.com/advisories/GHSA-qwwr-qc2p-6283

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-qwwr-qc2p-6283/GHSA-qwwr-qc2p-6283.json

Aliases

CVE-2018-14550

Published

2021-03-22T16:57:07Z

Modified

2024-02-22T05:22:08.291933Z

Details

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.

References

https://nvd.nist.gov/vuln/detail/CVE-2018-14550
https://github.com/glennrp/libpng/issues/246
https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token
https://github.com/glennrp/libpng
https://security.gentoo.org/glsa/201908-02
https://security.netapp.com/advisory/ntap-20221028-0001
https://snyk.io/vuln/SNYK-UPSTREAM-LIBPNG-1043612
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html

Affected packages

NuGet / libpng

Package

Name: libpng

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.6.37

Affected versions

1.*

1.5.10.9

1.5.10.11

1.5.10.13

1.6.18.1

1.6.19.1

1.6.20.1

1.6.23.1

1.6.24.1

1.6.25.1

1.6.26.1

1.6.28.1

Database specific

{
    "last_known_affected_version_range": "<= 1.6.35"
}