ID CVE-2018-14048
Summary An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
References
Vulnerable Configurations
  • cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*
    cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 27-06-2022 - 17:35)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bugtraq 20190417 [slackware-security] libpng (SSA:2019-107-01)
confirm http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
gentoo GLSA-201908-02
misc
Last major update 27-06-2022 - 17:35
Published 13-07-2018 - 16:29
Last modified 27-06-2022 - 17:35
Back to Top