Improper Check for Unusual or Exceptional Conditions Affecting libpng package, versions [,1.6.37)


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.76% (73rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-LIBPNG-2334987
  • published12 Jan 2022
  • disclosed13 Jul 2018
  • creditUnknown

Introduced: 13 Jul 2018

CVE-2018-14048  (opens in a new tab)
CWE-754  (opens in a new tab)

How to fix?

Upgrade libpng to version 1.6.37 or higher.

Overview

Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions. An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.

CVSS Base Scores

version 3.1