VDB

CVE-2017-8401

CVE-2017-8401 PUBLISHED

In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS.

EPSS 0.18% · 39.1th percentile

Risk Scores

EPSS Score
0.18%
39.1th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSswftools0.9.2+git20130725-4, 0, *
Ubuntu:18.04:LTSswftools0.9.2+git20130725-4.1, 0

Timeline

  • May 1, 2017 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›