CVE-2016-5735
HIGHpngquant 2.7.0 - Integer Overflow in rwpng_read_image24_libpng
Title source: llmDescription
Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow.
References (3)
Core 3
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
http://sf.snu.ac.kr/gil.hur/publications/shovel.pdf
Patch, Third Party Advisory x_refsource_confirm
https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/06/msg00028.html
Scores
CVSS v3
7.8
EPSS
0.0181
EPSS Percentile
75.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (1)
pngquant/pngquant
2.7.0
Published
May 23, 2017
Tracked Since
Feb 18, 2026