Base Score

HIGH7.8

CVE-2016-5735

Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow.

VectorLOCAL

Published Bycve@mitre.org

Published DateMay 23, 2017, 04:29

Weakness Type (CWE):CWE-190

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

http://sf.snu.ac.kr/gil.hur/publications/shovel.pdf
https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285
https://lists.debian.org/debian-lts-announce/2020/06/msg00028.html

Base Score

HIGH7.8

Weakness Type (CWE):CWE-190

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH