Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng prior to 1.2.22 beta1 allows remote malicious users to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libpng libpng |