CVE-2022-36752

MEDIUM

png2webp 1.0.4 - Out-of-bounds Write via w2p Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-36752. PoCs published by Halcy0nic.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2022-36752, an out-of-bounds write vulnerability in png2webp v1.0.4. It includes reproduction steps, ASAN output, and identifies the vulnerable code in the w2p function.

Description

png2webp v1.0.4 was discovered to contain an out-of-bounds write via the function w2p. This vulnerability is exploitable via a crafted png file.

Exploits (1)

nomisec WRITEUP 1 stars

by Halcy0nic · poc

https://github.com/Halcy0nic/CVE-2022-36752

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2022-36752, an out-of-bounds write vulnerability in png2webp v1.0.4. It includes reproduction steps, ASAN output, and identifies the vulnerable code in the w2p function.

Classification

Writeup 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: png2webp v1.0.4

No auth needed

Prerequisites: Vulnerable version of png2webp (v1.0.4) · Crafted .webp file

MITRE ATT&CK

T1211 - Exploitation for Defense Evasion

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc

https://github.com/landfillbaby/png2webp/issues/3

Patch, Third Party Advisory x_refsource_misc

https://github.com/landfillbaby/png2webp/commit/8f21ad79b0cd98fc22d5b49734543101946abbff

View Patch ZIP pw:eip

Scores

CVSS v3 5.5

EPSS 0.0042

EPSS Percentile 33.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-787

Status published

Products (1)

png2webp_project/png2webp 1.0.4

Published Jul 28, 2022

Tracked Since Feb 18, 2026