CVE-2020-28248

Published February 20th, 2021

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file.

gemini-testing/png-img

Lite libpng wrapper for node.js

GitHub