CVE-2018-14047

EUVD-2018-5973
An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter::readfromfile in pngwriter.cc. NOTE: there is a "Warning: PNGwriter was never designed for reading untrusted files with it. Do NOT use this in sensitive environments, especially DO NOT read PNGs from unknown sources with it!" statement in the master/README.md file
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
pngwriter_projectpngwriter
0.7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/fouzhe/security/tree/master/pngwriter
https://github.com/pngwriter/pngwriter/issues/129
https://github.com/fouzhe/security/tree/master/pngwriter
https://github.com/pngwriter/pngwriter/issues/129