First published: Fri Jan 21 2022
A vulnerability was reported in Libpng: the input buffer might not have the same length as the pre-defined value hardcoded in pngimage, so the index goes out of bounds in a later loop. References: https://github.com/glennrp/libpng/issues/302
Affected Software | Affected Version | How to fix |
---|---|---|
libp2p | | |
The severity of REDHAT-BUG-2043393 is categorized as moderate due to potential out-of-bounds access.
To fix REDHAT-BUG-2043393, update to the latest version of Libpng that addresses this vulnerability.
The potential impacts of REDHAT-BUG-2043393 include crashes and possible arbitrary code execution due to out-of-bounds memory access.
All versions of Libpng prior to the fixed release addressing REDHAT-BUG-2043393 are affected.
Currently, the best workaround for REDHAT-BUG-2043393 is to avoid using vulnerable versions of Libpng until an update is applied.