PT-2022-23605 · Png2Webp · Png2Webp
Halcy0Nic
·
Published
2022-07-28
·
Updated
2022-08-04
·
CVE-2022-36752
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
png2webp version 1.0.4
Description
The issue is related to an out-of-bounds write via the function
w2p(). This can be exploited through a crafted png file.Recommendations
For png2webp version 1.0.4, consider disabling the
w2p() function until a patch is available to prevent potential exploitation via crafted png files.Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Png2Webp