Buffer Overflow Vulnerability in libpng Allows Arbitrary Memory Overwrite via Crafted PNG Image

Buffer Overflow Vulnerability in libpng Allows Arbitrary Memory Overwrite via Crafted PNG Image

CVE-2011-2690 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.

Learn more about our Web Application Penetration Testing UK.