FLIF 0.3

CPE Details

FLIF 0.3
flif
flif
0.3
2018-07-31
10h43 +00:00
2018-07-31
10h43 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:flif:flif:0.3:*:*:*:*:*:*:*

Informations

Vendor

flif

Product

flif

Version

0.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2017-14232 2019-08-15 14h24 +00:00 The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file.
5.5
Medium
CVE-2019-14373 2019-07-28 16h44 +00:00 An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a heap-based buffer over-read in libpng via a crafted flif file.
7.8
High
CVE-2018-14876 2018-08-02 22h00 +00:00 An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng error concerning the IHDR image width.
5.5
Medium
CVE-2018-12109 2018-06-11 13h00 +00:00 An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PAM image file.
7.8
High
CVE-2018-11507 2018-05-28 04h00 +00:00 An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp.
6.5
Medium
CVE-2018-10971 2018-05-10 13h00 +00:00 An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The Plane function in image/image.hpp allows remote attackers to cause a denial of service (attempted excessive memory allocation) via a crafted file.
5.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.