CVE-2012-3425

libpng < 1.0.58, 1.2.48, 1.4.10, 1.5.10 DoS via Large avail_in Field

Title source: llm
STIX 2.1

Description

The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.

Scores

EPSS 0.0336
EPSS Percentile 87.3%

Details

CWE
CWE-119
Status published
Products (50)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.04
canonical/ubuntu_linux 15.10
debian/debian_linux 6.0
libpng/libpng 1.4.0
libpng/libpng 1.4.1
libpng/libpng 1.4.2
libpng/libpng 1.4.3
libpng/libpng 1.4.4
... and 40 more
Published Aug 13, 2012
Tracked Since Feb 18, 2026