CVE-2018-14550

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
libpnglibpng
1.6.35
oraclehyperion_infrastructure_technology
11.1.2.6.0
oraclemysql_workbench
𝑥
≤ 8.0.23
netappactive_iq_unified_manager
-
netapponcommand_api_services
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libpng1.6
bullseye
1.6.37-3
fixed
bookworm
1.6.39-2
fixed
sid
1.6.44-2
fixed
trixie
1.6.44-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libpng
bionic
dne
xenial
not-affected
trusty
not-affected
libpng1.6
bionic
not-affected
xenial
not-affected
trusty
dne
Common Weakness Enumeration
References
https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token
https://github.com/glennrp/libpng/issues/246
https://security.gentoo.org/glsa/201908-02
https://security.netapp.com/advisory/ntap-20221028-0001/
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token
https://github.com/glennrp/libpng/issues/246
https://security.gentoo.org/glsa/201908-02
https://security.netapp.com/advisory/ntap-20221028-0001/
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html