PT-2017-4283 · Png Development+6 · Libpng+6

Published

2017-08-04

Updated

2024-09-06

CVE-2017-12652

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: libpng versions prior to 1.6.32

Description: The issue is related to insufficient input validation in the libpng library, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The problem arises from the library's failure to properly check the length of chunks against the user limit.

Recommendations: For versions prior to 1.6.32, update to version 1.6.32 or later to resolve the issue. As a temporary workaround, consider restricting the use of libpng until a patch is applied.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2018-2451

AZL-43468

AZL-43573

AZL-44469

AZL-44973

AZL-45045

AZL-45102

BDU:2023-07738

CESA-2020_3901

CVE-2017-12652

OESA-2024-2091

OPENSUSE-SU-2024:10971-1

OPENSUSE-SU-2024:10972-1

RHSA-2020:3901

RHSA-2020_3901

SUSE-SU-2019:3060-2

SUSE-SU-2019_3060-1

SUSE-SU-2019_3060-2

SUSE-SU-2020:0911-1

SUSE-SU-2020_0911-1

SUSE-SU-2023:3799-1

SUSE-SU-2023_3799-1

SUSE-SU-2026:1716-1

USN-5432-1

USN-5432-2

Affected Products

Alt Linux

Astra Linux

Centos

Red Hat

Suse

Ubuntu

Libpng

PT-2017-4283 · Png Development+6 · Libpng+6

CVE-2017-12652

Weakness Enumeration

Related Identifiers

Affected Products

References · 71