flif 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk memory corruption and バッファオーバーフロー があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact memory corruption and アプリケーションクラッシュ などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2017-14232 | The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file. | [email protected] | 5.5 | 0.24% | 2019-08-15 | 2024-11-21 |
| CVE-2019-14373 | An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a heap-based buffer over-read in libpng via a crafted flif file. | [email protected] | 7.8 | 0.25% | 2019-07-28 | 2024-11-21 |
| CVE-2018-14876 | An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng error concerning the IHDR image width. | [email protected] | 5.5 | 0.17% | 2018-08-03 | 2024-11-21 |
| CVE-2018-12109 | An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC<FileIO>::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PAM image file. | [email protected] | 7.8 | 0.26% | 2018-06-11 | 2024-11-21 |
| CVE-2018-11507 | An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp. | [email protected] | 6.5 | 0.31% | 2018-05-28 | 2024-11-21 |
| CVE-2018-10972 | An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted file. | [email protected] | 7.8 | 0.26% | 2018-05-10 | 2024-11-21 |
| CVE-2018-10971 | An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The Plane function in image/image.hpp allows remote attackers to cause a denial of service (attempted excessive memory allocation) via a crafted file. | [email protected] | 5.5 | 0.21% | 2018-05-10 | 2024-11-21 |