Vulnerability Description
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| libpng | libpng | < 1.6.32 |
| NetApp | Active IQ Unified Manager | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/109269 (Broken Link, Third Party Advisory, VDB Entry)
- https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ (Release Notes, Third Party Advisory)
- https://github.com/pnggroup/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d
- https://security.netapp.com/advisory/ntap-20220506-0003/ (Third Party Advisory)
- https://support.f5.com/csp/article/K88124225 (Third Party Advisory)
- https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium
FAQ
What is CVE-2017-12652?
CVE-2017-12652 is a vulnerability with a CVSS score of 9.8 (CRITICAL). libpng before 1.6.32 does not properly check the length of chunks against the user limit.
How severe is CVE-2017-12652?
CVE-2017-12652 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-12652?
Check the references section above for vendor advisories and patch information. Affected products include: libpng, NetApp Active IQ Unified Manager.