Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*
Vulnerability Description
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Vulnerability Type
跨界内存读
Vulnerability Title
libpng 输入验证错误漏洞
Vulnerability Description
libpng是The PNG Development Group开源的一个可对PNG图形文件实现创建、读写等操作的PNG参考库。 libpng 1.6.26版本至1.6.53版本存在输入验证错误漏洞,该漏洞源于png_write_image_16bit和png_write_image_8bit函数存在整数截断,可能导致堆缓冲区过度读取。
CVSS Information
N/A
Vulnerability Type
N/A