9.8
CVE-2017-12652
- EPSS 4.11%
- Veröffentlicht 10.07.2019 15:15:10
- Zuletzt bearbeitet 09.06.2025 16:15:26
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netapp ≫ Active Iq Unified Manager Version- SwPlatformvsphere
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.11% | 0.895 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.securityfocus.com/bid/109269
https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE
https://security.netapp.com/advisory/ntap-20220506-0003/
https://support.f5.com/csp/article/K88124225
https://support.f5.com/csp/article/K88124225?utm_source=f5support&%3Butm_medium=RSS
https://github.com/pnggroup/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55
https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS