Memory leak in the embedded_profile_len function in pngwutil.c in libpng prior to 1.2.39beta5 allows context-dependent malicious users to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libpng libpng 1.2.39 |
||
libpng libpng |