Improper Input Validation Affecting libpng package, versions <1.6.32
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Integrity
High
Availability
High
Threat Intelligence
EPSS
3.27% (90th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-COCOAPODS-LIBPNG-472125
- published 9 Oct 2019
- disclosed 10 Jul 2019
- credit Unknown
Introduced: 10 Jul 2019
CVE-2017-12652 Open this link in a new tabHow to fix?
Upgrade libpng
to version 1.6.32 or higher.
Overview
libpng is a Portable Network Graphics support library
Affected versions of this package are vulnerable to Improper Input Validation. Does not properly check the length of chunks against the user limit. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions.