Integer underflow vulnerability in png_check_keyword function in libpng allows remote attackers to trigger an out-of-bounds read via a space character in a PNG image.

Integer underflow vulnerability in png_check_keyword function in libpng allows remote attackers to trigger an out-of-bounds read via a space character in a PNG image.

CVE-2015-8540 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

Learn more about our Web Application Penetration Testing UK.