CVE-2022-3857: Null Pointer Dereference
First published: Mon Mar 06 2023(Updated: )
A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libpng Libpng | =1.6.38 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this flaw in libpng?
The vulnerability ID is CVE-2022-3857.
What is the severity level of CVE-2022-3857?
The severity level of CVE-2022-3857 is medium.
What is affected by CVE-2022-3857?
The affected software is libpng version 1.6.38.
How can a crafted PNG image exploit this vulnerability?
A crafted PNG image can lead to a segmentation fault and denial of service in the png_setup_paeth_row() function.
Is there a fix available for CVE-2022-3857?
Yes, updating libpng to a version beyond 1.6.38 can fix the vulnerability.
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/status
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/libpng
- canonical/libpng libpng
- version/libpng libpng/1.6.38
- status/rejected