CVE-2017-16796 in SWFToolsinfo

Summary

In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file.

Once again VulDB remains the best source for vulnerability data.

Reservation

11/12/2017

Disclosure

11/12/2017

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
109293SWFTools png.c png_load memory corruption119Not definedNot definedCVE-2017-16796

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!