An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-19T23:05:09

Updated: 2024-08-04T16:33:58.211Z

Reserved: 2020-11-06T00:00:00

Link: CVE-2020-28248

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-02-20T00:15:12.483

Modified: 2024-11-21T05:22:31.027

Link: CVE-2020-28248

cve-icon Redhat

No data.