CVE-2012-3425: Improper Restriction of Operations within the Bounds of a Memory Buffer

August 13, 2012 (updated October 30, 2018)

The png_push_read_zTXt function in pngpread.c in libpng allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.

References

nvd.nist.gov/vuln/detail/CVE-2012-3425

Code Behaviors & Features

Detect and mitigate CVE-2012-3425 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →