CVE-2018-14550
HIGHlibpng 1.6.35 - Stack-based Buffer Overflow in pnm2png get_token Function
Title source: llmDescription
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.
References (6)
Core 6
Core References
Exploit, Patch, Third Party Advisory
https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token
Exploit, Patch, Third Party Advisory
https://github.com/glennrp/libpng/issues/246
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221028-0001/
Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/201908-02
Scores
CVSS v3
8.8
EPSS
0.0175
EPSS Percentile
82.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (6)
libpng/libpng
1.6.35
netapp/active_iq_unified_manager
netapp/oncommand_api_services
nuget/libpng
0 - 1.6.37NuGet
oracle/hyperion_infrastructure_technology
11.1.2.6.0
oracle/mysql_workbench
< 8.0.23
Published
Jul 10, 2019
Tracked Since
Feb 18, 2026