Description
An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter::readfromfile in pngwriter.cc. NOTE: there is a "Warning: PNGwriter was never designed for reading untrusted files with it. Do NOT use this in sensitive environments, especially DO NOT read PNGs from unknown sources with it!" statement in the master/README.md file
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/pngwriter/pngwriter/issues/129
Exploit, Third Party Advisory x_refsource_misc
https://github.com/fouzhe/security/tree/master/pngwriter
Scores
CVSS v3
5.5
EPSS
0.0095
EPSS Percentile
56.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (1)
pngwriter_project/pngwriter
0.7.0
Published
Jul 13, 2018
Tracked Since
Feb 18, 2026