PT-2018-12302 · Png Development+2 · Libpng+2

Ax3L

Published

2018-07-13

Updated

2026-04-14

CVE-2018-14048

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libpng version 1.6.34

Description The issue is related to a SEGV in the function png free data in png.c, which is connected to the recommended error handling for png read image.

Recommendations For libpng version 1.6.34, consider applying the recommended error handling for png read image to prevent the SEGV in the png free data function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2018-2451

ALT-PU-2019-2547

CLEANSTART-2026-NJ21771

CVE-2018-14048

OPENSUSE-SU-2024:10972-1

USN-5432-1

USN-5432-2

Affected Products

Alt Linux

Ubuntu

Libpng

PT-2018-12302 · Png Development+2 · Libpng+2

CVE-2018-14048

Related Identifiers

Affected Products

References · 37