Vulnerability Details : CVE-2017-12652
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
Vulnerability category: Input validation
Products affected by CVE-2017-12652
- cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-12652
- 0.47%: Probability of exploitation activity in the next 30 days
- ~ 62%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-12652
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2017-12652
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-12652
- http://www.securityfocus.com/bid/109269
  libpng CVE-2017-12652 Security Bypass Vulnerability (Broken Link; Third Party Advisory; VDB Entry)
- https://security.netapp.com/advisory/ntap-20220506-0003/
  CVE-2017-12652 Libpng Vulnerability in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS
  libpng vulnerability CVE-2017-12652 (Third Party Advisory)
- https://support.f5.com/csp/article/K88124225
  libpng vulnerability CVE-2017-12652 (Third Party Advisory)
- https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE
  libpng/ANNOUNCE at df7e9dae0c4aac63d55361e35709c864fa1b8363 · glennrp/libpng · GitHub (Release Notes; Third Party Advisory)