Description
png2webp v1.0.4 was discovered to contain an out-of-bounds write via the function w2p. This vulnerability is exploitable via a crafted png file.
Exploits (1)
References (2)
Core 2
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/landfillbaby/png2webp/issues/3
Patch, Third Party Advisory x_refsource_misc
https://github.com/landfillbaby/png2webp/commit/8f21ad79b0cd98fc22d5b49734543101946abbff
Scores
CVSS v3
5.5
EPSS
0.0094
EPSS Percentile
76.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-787
Status
published
Products (1)
png2webp_project/png2webp
1.0.4
Published
Jul 28, 2022
Tracked Since
Feb 18, 2026