Greg Roelofs: >> Libpng >> 1.0.14 Security Vulnerabilities
Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.
CVSS Score
7.5
EPSS Score
0.068
Published
2002-12-26
Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.
CVSS Score
5.0
EPSS Score
0.005
Published
2002-08-12