Vulnerability identifier: #VU17708
Vulnerability risk: Low
Exploitation vector: Network
Exploit availability: No
Universal components / Libraries / Libraries used by multiple products
The vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to a use-after-free memory error in the png_image_free function, as defined in the png.c source code file when calling on png_safe_execute. A remote attacker can send specially crafted data, trigger a call on png_safe_execute and trigger memory corruption, resulting in a DoS condition.
Update to the latest version.
Vulnerable software versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?