Description
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
References (7)
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/109269
Vendor Advisory
https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS
Vendor Advisory
https://support.f5.com/csp/article/K88124225?utm_source=f5support&%3Butm_medium=RSS
Release Notes, Third Party Advisory
https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220506-0003/
Third Party Advisory
https://support.f5.com/csp/article/K88124225
Scores
CVSS v3
9.8
EPSS
0.0061
EPSS Percentile
69.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (2)
libpng/libpng
< 1.6.32
netapp/active_iq_unified_manager
Published
Jul 10, 2019
Tracked Since
Feb 18, 2026