GHSA-qwwr-qc2p-6283

Suggest an improvement
Source
https://github.com/advisories/GHSA-qwwr-qc2p-6283
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-qwwr-qc2p-6283/GHSA-qwwr-qc2p-6283.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-qwwr-qc2p-6283
Aliases
Published
2021-03-22T16:57:07Z
Modified
2024-02-22T05:22:08.291933Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Out-of-bounds write in libpng
Details

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.

Database specific
{
    "nvd_published_at": "2019-07-10T12:15:00Z",
    "cwe_ids": [
        "CWE-787"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-22T15:41:48Z"
}
References

Affected packages

NuGet / libpng

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.37

Affected versions

1.*

1.5.10.9
1.5.10.11
1.5.10.13
1.6.18.1
1.6.19.1
1.6.20.1
1.6.23.1
1.6.24.1
1.6.25.1
1.6.26.1
1.6.28.1

Database specific

{
    "last_known_affected_version_range": "<= 1.6.35"
}