PT-2017-17594 · Pngdefry · Pngdefry

Rajullas

Published

2017-03-22

Updated

2017-03-28

CVE-2017-7231

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions pngdefry versions prior to 2017-03-22

Description The issue is related to a heap-based buffer-overflow vulnerability. This occurs because pngdefry fails to properly process a specially crafted png file, affecting the process() function in the pngdefry.c source file.

Recommendations For versions prior to 2017-03-22, as a temporary workaround, consider disabling the process() function until a patch is available. Restrict access to the pngdefry.c source file to minimize the risk of exploitation. Avoid using pngdefry to process untrusted png files until the issue is resolved.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2017-7231

Affected Products

Pngdefry

PT-2017-17594 · Pngdefry · Pngdefry

CVE-2017-7231

Weakness Enumeration

Related Identifiers

Affected Products

References · 4