CVE-2018-14047

MEDIUM

PNGwriter 0.7.0 - Memory Corruption

Title source: llm
STIX 2.1

Description

An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter::readfromfile in pngwriter.cc. NOTE: there is a "Warning: PNGwriter was never designed for reading untrusted files with it. Do NOT use this in sensitive environments, especially DO NOT read PNGs from unknown sources with it!" statement in the master/README.md file

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/pngwriter/pngwriter/issues/129
Exploit, Third Party Advisory x_refsource_misc
https://github.com/fouzhe/security/tree/master/pngwriter

Scores

CVSS v3 5.5
EPSS 0.0095
EPSS Percentile 56.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-119
Status published
Products (1)
pngwriter_project/pngwriter 0.7.0
Published Jul 13, 2018
Tracked Since Feb 18, 2026