png-img@2.3.0

Vulnerabilities: 1 via 1 paths
Dependencies: 1
Source: npm

medium severity

Buffer Overflow

  • Vulnerable module: png-img
  • Introduced through: png-img@2.3.0

Detailed paths

  • Introduced through: png-img@2.3.0
    Remediation: Upgrade to png-img@3.1.0.

Overview

png-img is a PNG Image

Affected versions of this package are vulnerable to Buffer Overflow via the PngImg::InitStorage_() function. It leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file.

Remediation

Upgrade png-img to version 3.1.0 or higher.
