Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pngcrush_project | pngcrush | * |
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pngcrush_project | pngcrush | * |