CVE-2018-14047

{"id": "CVE-2018-14047", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-07-13T16:29:00.330", "references": [{"url": "https://github.com/fouzhe/security/tree/master/pngwriter", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/pngwriter/pngwriter/issues/129", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/fouzhe/security/tree/master/pngwriter", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/pngwriter/pngwriter/issues/129", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter::readfromfile in pngwriter.cc. NOTE: there is a \"Warning: PNGwriter was never designed for reading untrusted files with it. Do NOT use this in sensitive environments, especially DO NOT read PNGs from unknown sources with it!\" statement in the master/README.md file"}, {"lang": "es", "value": "** EN DISPUTA ** Se ha encontrado un problema en PNGwriter 0.7.0. Es un SEGV en pngwriter::readfromfile en pngwriter.cc. NOTA: hay un aviso de \"Atenci\u00f3n: PNGwriter nunca fue dise\u00f1ado para leer archivos no fiables. \u00a1NO lo emplee en entornos sensibles y, especialmente, NO lo emplee para leer PNG de fuentes desconocidas!\" en el archivo master/README.md"}], "lastModified": "2024-11-21T03:48:30.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pngwriter_project:pngwriter:0.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5EE0135-DD6D-4867-941D-56C1D0D5C12A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}