Fluid Attacks Database

Description

Out-of-bounds write in libpng An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
nuget	libpng	>=0 <1.6.37	1.6.37
debian 14	libpng1.6	>=0 <1.6.37-1	1.6.37-1
alpine v3.11	libpng	=1.2.34-r0 \|\| =1.2.35-r0 \|\| =1.2.36-r0 \|\| =1.2.37-r0 \|\| =1.2.38-r0 \|\| =1.2.39-r0 \|\| =1.2.40-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.1-r1 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.4.5-r1 \|\| =1.5.10-r0 \|\| =1.5.11-r0 \|\| =1.5.12-r0 \|\| =1.5.13-r0 \|\| =1.5.14-r0 \|\| =1.5.15-r0 \|\| =1.5.16-r0 \|\| =1.5.17-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.5.5-r1 \|\| =1.5.8-r0 \|\| =1.5.9-r0 \|\| =1.6.10-r0 \|\| =1.6.12-r0 \|\| =1.6.13-r0 \|\| =1.6.14-r0 \|\| =1.6.15-r0 \|\| =1.6.16-r0 \|\| =1.6.17-r0 \|\| =1.6.18-r0 \|\| =1.6.19-r0 \|\| =1.6.20-r0 \|\| =1.6.21-r0 \|\| =1.6.22-r0 \|\| =1.6.23-r0 \|\| =1.6.23-r1 \|\| =1.6.23-r2 \|\| =1.6.24-r0 \|\| =1.6.25-r0 \|\| =1.6.26-r0 \|\| =1.6.27-r0 \|\| =1.6.27-r1 \|\| =1.6.28-r0 \|\| =1.6.29-r0 \|\| =1.6.29-r1 \|\| =1.6.3-r0 \|\| =1.6.30-r0 \|\| =1.6.31-r0 \|\| =1.6.32-r0 \|\| =1.6.34-r0 \|\| =1.6.34-r1 \|\| =1.6.35-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.6.8-r0 \|\| =1.6.9-r0 \|\| >=0 <1.6.37-r0	1.6.37-r0
alpine v3.17	libpng	=1.2.34-r0 \|\| =1.2.35-r0 \|\| =1.2.36-r0 \|\| =1.2.37-r0 \|\| =1.2.38-r0 \|\| =1.2.39-r0 \|\| =1.2.40-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.1-r1 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.4.5-r1 \|\| =1.5.10-r0 \|\| =1.5.11-r0 \|\| =1.5.12-r0 \|\| =1.5.13-r0 \|\| =1.5.14-r0 \|\| =1.5.15-r0 \|\| =1.5.16-r0 \|\| =1.5.17-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.5.5-r1 \|\| =1.5.8-r0 \|\| =1.5.9-r0 \|\| =1.6.10-r0 \|\| =1.6.12-r0 \|\| =1.6.13-r0 \|\| =1.6.14-r0 \|\| =1.6.15-r0 \|\| =1.6.16-r0 \|\| =1.6.17-r0 \|\| =1.6.18-r0 \|\| =1.6.19-r0 \|\| =1.6.20-r0 \|\| =1.6.21-r0 \|\| =1.6.22-r0 \|\| =1.6.23-r0 \|\| =1.6.23-r1 \|\| =1.6.23-r2 \|\| =1.6.24-r0 \|\| =1.6.25-r0 \|\| =1.6.26-r0 \|\| =1.6.27-r0 \|\| =1.6.27-r1 \|\| =1.6.28-r0 \|\| =1.6.29-r0 \|\| =1.6.29-r1 \|\| =1.6.3-r0 \|\| =1.6.30-r0 \|\| =1.6.31-r0 \|\| =1.6.32-r0 \|\| =1.6.34-r0 \|\| =1.6.34-r1 \|\| =1.6.35-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.6.8-r0 \|\| =1.6.9-r0 \|\| >=0 <1.6.37-r0	1.6.37-r0
alpine v3.14	libpng	=1.2.34-r0 \|\| =1.2.35-r0 \|\| =1.2.36-r0 \|\| =1.2.37-r0 \|\| =1.2.38-r0 \|\| =1.2.39-r0 \|\| =1.2.40-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.1-r1 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.4.5-r1 \|\| =1.5.10-r0 \|\| =1.5.11-r0 \|\| =1.5.12-r0 \|\| =1.5.13-r0 \|\| =1.5.14-r0 \|\| =1.5.15-r0 \|\| =1.5.16-r0 \|\| =1.5.17-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.5.5-r1 \|\| =1.5.8-r0 \|\| =1.5.9-r0 \|\| =1.6.10-r0 \|\| =1.6.12-r0 \|\| =1.6.13-r0 \|\| =1.6.14-r0 \|\| =1.6.15-r0 \|\| =1.6.16-r0 \|\| =1.6.17-r0 \|\| =1.6.18-r0 \|\| =1.6.19-r0 \|\| =1.6.20-r0 \|\| =1.6.21-r0 \|\| =1.6.22-r0 \|\| =1.6.23-r0 \|\| =1.6.23-r1 \|\| =1.6.23-r2 \|\| =1.6.24-r0 \|\| =1.6.25-r0 \|\| =1.6.26-r0 \|\| =1.6.27-r0 \|\| =1.6.27-r1 \|\| =1.6.28-r0 \|\| =1.6.29-r0 \|\| =1.6.29-r1 \|\| =1.6.3-r0 \|\| =1.6.30-r0 \|\| =1.6.31-r0 \|\| =1.6.32-r0 \|\| =1.6.34-r0 \|\| =1.6.34-r1 \|\| =1.6.35-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.6.8-r0 \|\| =1.6.9-r0 \|\| >=0 <1.6.37-r0	1.6.37-r0
alpine v3.15	libpng	=1.2.34-r0 \|\| =1.2.35-r0 \|\| =1.2.36-r0 \|\| =1.2.37-r0 \|\| =1.2.38-r0 \|\| =1.2.39-r0 \|\| =1.2.40-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.1-r1 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.4.5-r1 \|\| =1.5.10-r0 \|\| =1.5.11-r0 \|\| =1.5.12-r0 \|\| =1.5.13-r0 \|\| =1.5.14-r0 \|\| =1.5.15-r0 \|\| =1.5.16-r0 \|\| =1.5.17-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.5.5-r1 \|\| =1.5.8-r0 \|\| =1.5.9-r0 \|\| =1.6.10-r0 \|\| =1.6.12-r0 \|\| =1.6.13-r0 \|\| =1.6.14-r0 \|\| =1.6.15-r0 \|\| =1.6.16-r0 \|\| =1.6.17-r0 \|\| =1.6.18-r0 \|\| =1.6.19-r0 \|\| =1.6.20-r0 \|\| =1.6.21-r0 \|\| =1.6.22-r0 \|\| =1.6.23-r0 \|\| =1.6.23-r1 \|\| =1.6.23-r2 \|\| =1.6.24-r0 \|\| =1.6.25-r0 \|\| =1.6.26-r0 \|\| =1.6.27-r0 \|\| =1.6.27-r1 \|\| =1.6.28-r0 \|\| =1.6.29-r0 \|\| =1.6.29-r1 \|\| =1.6.3-r0 \|\| =1.6.30-r0 \|\| =1.6.31-r0 \|\| =1.6.32-r0 \|\| =1.6.34-r0 \|\| =1.6.34-r1 \|\| =1.6.35-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.6.8-r0 \|\| =1.6.9-r0 \|\| >=0 <1.6.37-r0	1.6.37-r0
alpine v3.16	libpng	=1.2.34-r0 \|\| =1.2.35-r0 \|\| =1.2.36-r0 \|\| =1.2.37-r0 \|\| =1.2.38-r0 \|\| =1.2.39-r0 \|\| =1.2.40-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.1-r1 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.4.5-r1 \|\| =1.5.10-r0 \|\| =1.5.11-r0 \|\| =1.5.12-r0 \|\| =1.5.13-r0 \|\| =1.5.14-r0 \|\| =1.5.15-r0 \|\| =1.5.16-r0 \|\| =1.5.17-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.5.5-r1 \|\| =1.5.8-r0 \|\| =1.5.9-r0 \|\| =1.6.10-r0 \|\| =1.6.12-r0 \|\| =1.6.13-r0 \|\| =1.6.14-r0 \|\| =1.6.15-r0 \|\| =1.6.16-r0 \|\| =1.6.17-r0 \|\| =1.6.18-r0 \|\| =1.6.19-r0 \|\| =1.6.20-r0 \|\| =1.6.21-r0 \|\| =1.6.22-r0 \|\| =1.6.23-r0 \|\| =1.6.23-r1 \|\| =1.6.23-r2 \|\| =1.6.24-r0 \|\| =1.6.25-r0 \|\| =1.6.26-r0 \|\| =1.6.27-r0 \|\| =1.6.27-r1 \|\| =1.6.28-r0 \|\| =1.6.29-r0 \|\| =1.6.29-r1 \|\| =1.6.3-r0 \|\| =1.6.30-r0 \|\| =1.6.31-r0 \|\| =1.6.32-r0 \|\| =1.6.34-r0 \|\| =1.6.34-r1 \|\| =1.6.35-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.6.8-r0 \|\| =1.6.9-r0 \|\| >=0 <1.6.37-r0	1.6.37-r0
alpine v3.10	libpng	=1.2.34-r0 \|\| =1.2.35-r0 \|\| =1.2.36-r0 \|\| =1.2.37-r0 \|\| =1.2.38-r0 \|\| =1.2.39-r0 \|\| =1.2.40-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.1-r1 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.4.5-r1 \|\| =1.5.10-r0 \|\| =1.5.11-r0 \|\| =1.5.12-r0 \|\| =1.5.13-r0 \|\| =1.5.14-r0 \|\| =1.5.15-r0 \|\| =1.5.16-r0 \|\| =1.5.17-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.5.5-r1 \|\| =1.5.8-r0 \|\| =1.5.9-r0 \|\| =1.6.10-r0 \|\| =1.6.12-r0 \|\| =1.6.13-r0 \|\| =1.6.14-r0 \|\| =1.6.15-r0 \|\| =1.6.16-r0 \|\| =1.6.17-r0 \|\| =1.6.18-r0 \|\| =1.6.19-r0 \|\| =1.6.20-r0 \|\| =1.6.21-r0 \|\| =1.6.22-r0 \|\| =1.6.23-r0 \|\| =1.6.23-r1 \|\| =1.6.23-r2 \|\| =1.6.24-r0 \|\| =1.6.25-r0 \|\| =1.6.26-r0 \|\| =1.6.27-r0 \|\| =1.6.27-r1 \|\| =1.6.28-r0 \|\| =1.6.29-r0 \|\| =1.6.29-r1 \|\| =1.6.3-r0 \|\| =1.6.30-r0 \|\| =1.6.31-r0 \|\| =1.6.32-r0 \|\| =1.6.34-r0 \|\| =1.6.34-r1 \|\| =1.6.35-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.6.8-r0 \|\| =1.6.9-r0 \|\| >=0 <1.6.37-r0	1.6.37-r0
alpine v3.8	libpng	=1.2.34-r0 \|\| =1.2.35-r0 \|\| =1.2.36-r0 \|\| =1.2.37-r0 \|\| =1.2.38-r0 \|\| =1.2.39-r0 \|\| =1.2.40-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.1-r1 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.4.5-r1 \|\| =1.5.10-r0 \|\| =1.5.11-r0 \|\| =1.5.12-r0 \|\| =1.5.13-r0 \|\| =1.5.14-r0 \|\| =1.5.15-r0 \|\| =1.5.16-r0 \|\| =1.5.17-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.5.5-r1 \|\| =1.5.8-r0 \|\| =1.5.9-r0 \|\| =1.6.10-r0 \|\| =1.6.12-r0 \|\| =1.6.13-r0 \|\| =1.6.14-r0 \|\| =1.6.15-r0 \|\| =1.6.16-r0 \|\| =1.6.17-r0 \|\| =1.6.18-r0 \|\| =1.6.19-r0 \|\| =1.6.20-r0 \|\| =1.6.21-r0 \|\| =1.6.22-r0 \|\| =1.6.23-r0 \|\| =1.6.23-r1 \|\| =1.6.23-r2 \|\| =1.6.24-r0 \|\| =1.6.25-r0 \|\| =1.6.26-r0 \|\| =1.6.27-r0 \|\| =1.6.27-r1 \|\| =1.6.28-r0 \|\| =1.6.29-r0 \|\| =1.6.29-r1 \|\| =1.6.3-r0 \|\| =1.6.30-r0 \|\| =1.6.31-r0 \|\| =1.6.32-r0 \|\| =1.6.34-r0 \|\| =1.6.34-r1 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.6.8-r0 \|\| =1.6.9-r0 \|\| >=0 <1.6.37-r0	1.6.37-r0
alpine v3.9	libpng	=1.2.34-r0 \|\| =1.2.35-r0 \|\| =1.2.36-r0 \|\| =1.2.37-r0 \|\| =1.2.38-r0 \|\| =1.2.39-r0 \|\| =1.2.40-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.1-r1 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.4.5-r1 \|\| =1.5.10-r0 \|\| =1.5.11-r0 \|\| =1.5.12-r0 \|\| =1.5.13-r0 \|\| =1.5.14-r0 \|\| =1.5.15-r0 \|\| =1.5.16-r0 \|\| =1.5.17-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.5.5-r1 \|\| =1.5.8-r0 \|\| =1.5.9-r0 \|\| =1.6.10-r0 \|\| =1.6.12-r0 \|\| =1.6.13-r0 \|\| =1.6.14-r0 \|\| =1.6.15-r0 \|\| =1.6.16-r0 \|\| =1.6.17-r0 \|\| =1.6.18-r0 \|\| =1.6.19-r0 \|\| =1.6.20-r0 \|\| =1.6.21-r0 \|\| =1.6.22-r0 \|\| =1.6.23-r0 \|\| =1.6.23-r1 \|\| =1.6.23-r2 \|\| =1.6.24-r0 \|\| =1.6.25-r0 \|\| =1.6.26-r0 \|\| =1.6.27-r0 \|\| =1.6.27-r1 \|\| =1.6.28-r0 \|\| =1.6.29-r0 \|\| =1.6.29-r1 \|\| =1.6.3-r0 \|\| =1.6.30-r0 \|\| =1.6.31-r0 \|\| =1.6.32-r0 \|\| =1.6.34-r0 \|\| =1.6.34-r1 \|\| =1.6.35-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.6.8-r0 \|\| =1.6.9-r0 \|\| >=0 <1.6.37-r0	1.6.37-r0

1-10 of 23

Aliases

1. CVE-2018-145502. NVD-2018-145503. OSV-2018-145504. OSV-DEBIAN-2018-145505. OSV-ALPINE-2018-145506. GCVE-2018-145507. security.gentoo.org8. SECURITY-TRACKER-CVE-2018-145509. SECURITY-CVE-2018-14550

References

1. https://github.com/glennrp/libpng/issues/2462. https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token3. https://security.netapp.com/advisory/ntap-20221028-00014. https://www.oracle.com/security-alerts/cpuApr2021.html5. https://www.oracle.com/security-alerts/cpuoct2021.html