PT-2011-1260 · Libpng · Libpng
Torindel
·
Publicado
2011-08-31
·
Atualizado
2012-06-15
·
CVE-2006-7244
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
libpng versions 1.2.13beta1 through 1.2.15beta3
Description
The issue is related to a memory leak in the pngwutil.c file of libpng. It allows context-dependent attackers to cause a denial of service, which can result in a memory leak or segmentation fault. This can be achieved by using a JPEG image that contains an iCCP chunk with a negative embedded profile length.
Recommendations
For libpng versions 1.2.13beta1 through 1.2.15beta3, update to version 1.2.15beta3 or later to resolve the issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Libpng