Skip to main content

Libpng CVE-2018-14048

MEDIUM
2018-07-13 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 13, 2018 - 16:29 nvd
MEDIUM 6.5

DescriptionNVD

An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.

AnalysisAI

An issue has been found in libpng 1.6.34. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. Affected products include: Libpng, Oracle Jdk, Oracle Jre.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Libpng

View all
CVE-2015-0973 HIGH POC
8.8 Jan 18

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows

CVE-2026-25646 HIGH POC
8.3 Feb 10

Denial of service (with limited memory disclosure) in libpng before 1.6.55 lets an attacker supply a specially crafted b

CVE-2015-8540 HIGH
8.8 Apr 14

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.

CVE-2013-6954 MEDIUM POC
6.5 Jan 12

The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL poi

CVE-2025-66293 HIGH POC
7.1 Dec 03

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics)

CVE-2025-65018 HIGH POC
7.1 Nov 25

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics)

CVE-2025-64720 HIGH POC
7.1 Nov 25

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics)

CVE-2019-6129 MEDIUM POC
6.5 Jan 11

png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. Rated medium severity (CVS

CVE-2026-22695 MEDIUM POC
6.1 Jan 12

Libpng versions 1.6.51-1.6.53 contain a heap buffer over-read in the simplified API function png_image_finish_read when

CVE-2025-28164 MEDIUM POC
5.5 Jan 27

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_creat

CVE-2025-28162 MEDIUM POC
5.5 Jan 27

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngim

CVE-2014-9495 HIGH
8.8 Jan 10

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running

Share

CVE-2018-14048 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy