MidnightBSD

Advisories for pngdec_project

CVE-2022-35007

PNGDec commit 8abf6be was discovered to contain a heap buffer overflow via __interceptor_fwrite.part.57 at sanitizer_common_interceptors.inc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
pngdec_project pngdec 1.0.0
pngdec_project pngdec 1.0.1

CVE-2022-35008

PNGDec commit 8abf6be was discovered to contain a stack overflow via /linux/main.cpp.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
pngdec_project pngdec 1.0.0
pngdec_project pngdec 1.0.1

CVE-2022-35009

PNGDec commit 8abf6be was discovered to contain a memory allocation problem via asan_malloc_linux.cpp.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
pngdec_project pngdec 1.0.0
pngdec_project pngdec 1.0.1

CVE-2022-35010

PNGDec commit 8abf6be was discovered to contain a heap buffer overflow via asan_interceptors_memintrinsics.cpp.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
pngdec_project pngdec 1.0.0
pngdec_project pngdec 1.0.1

CVE-2022-35011

PNGDec commit 8abf6be was discovered to contain a global buffer overflow via inflate_fast at /src/inffast.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
pngdec_project pngdec 1.0.0
pngdec_project pngdec 1.0.1

CVE-2022-35012

PNGDec commit 8abf6be was discovered to contain a heap buffer overflow via SaveBMP at /linux/main.cpp.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
pngdec_project pngdec 1.0.0
pngdec_project pngdec 1.0.1

CVE-2022-35013

PNGDec commit 8abf6be was discovered to contain an FPE (floating-point exception) via SaveBMP at /linux/main.cpp.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
pngdec_project pngdec 1.0.0
pngdec_project pngdec 1.0.1