VYPR
High severity · NVD Advisory · Published Jul 10, 2019 · Updated Aug 5, 2024

CVE-2018-14550

Description

Stack-based buffer overflow in pnm2png's get_token function in libpng 1.6.35 can cause memory corruption via crafted PNM images.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

CVE-2018-14550 is a stack-based buffer overflow vulnerability in the get_token function of pnm2png.c, a utility shipped with the libpng 1.6.35 distribution. The issue arises when processing specially crafted PNM (Portable Anymap) image files, leading to out-of-bounds writes on the stack [1][4].

Exploitation

To trigger the vulnerability, an attacker must supply a malicious PNM file to the pnm2png tool. The overflow occurs during token parsing, where header tokens are copied into a fixed-size stack buffer without proper bounds checking. No authentication is needed if the tool processes untrusted input. The flaw can be reproduced with AddressSanitizer (ASan) builds, which confirm the memory corruption [1][4].

Impact

Successful exploitation can overwrite adjacent stack memory, potentially allowing an attacker to execute arbitrary code or crash the application. The vulnerability is rated as high severity, though it primarily affects the pnm2png utility rather than libpng's core decoding functions [3].

Mitigation

Users should update libpng to a version that includes the fix for this issue. The official libpng repository contains newer releases that resolve the overflow [2]. If updating the library is not immediately possible, avoid processing untrusted PNM files with the pnm2png tool until a patch is applied.
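The narrative above describes the defect as token parsing that writes into a fixed-size stack buffer without a length check, and the fix as moving to a release that bounds that copy. The following is an added, constructed illustration of a bounds-checked PNM header token reader; it is not libpng's pnm2png.c code, the buffer size TOKEN_MAX, the in-memory cursor, and all function names are assumptions made for the example, and the header strings it parses are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example, not libpng's code. The unsafe pattern it replaces is
 * appending every input byte to a fixed stack array with no length check.
 * TOKEN_MAX is an assumed small header-token buffer size. */
#define TOKEN_MAX 16

/* In-memory cursor so the example runs on constructed input, not files. */
struct pnm_in { const unsigned char *data; size_t len; size_t pos; };

static int pnm_getc(struct pnm_in *in)
{
    return in->pos < in->len ? in->data[in->pos++] : EOF;
}

static int is_pnm_space(int c)
{
    return c == ' ' || c == '\t' || c == '\n' || c == '\r';
}

/* Reads one whitespace-delimited token, skipping '#' comment lines.
 * Returns the token length, 0 at end of input, or -1 when the token does not
 * fit in buf together with its NUL. buf is always NUL-terminated on return;
 * a -1 result must be treated as a malformed header, never as a token. */
static int get_token_bounded(struct pnm_in *in, char *buf, size_t buf_size)
{
    size_t i = 0;
    int c;

    if (buf_size == 0)
        return -1;

    /* Skip leading whitespace and whole comment lines. */
    for (;;) {
        c = pnm_getc(in);
        if (c == '#') {
            do { c = pnm_getc(in); } while (c != '\n' && c != '\r' && c != EOF);
        }
        if (c == EOF) { buf[0] = '\0'; return 0; }
        if (!is_pnm_space(c))
            break;
    }

    /* Accumulate the token; this size check is the bound that was missing. */
    for (;;) {
        if (i + 1 >= buf_size) {      /* no room for this byte plus the NUL */
            buf[i] = '\0';
            return -1;
        }
        buf[i++] = (char)c;
        c = pnm_getc(in);
        if (c == EOF || is_pnm_space(c))
            break;
    }
    buf[i] = '\0';
    return (int)i;
}

/* Parses magic, width and height, rejecting oversized or non-numeric fields.
 * Returns 1 on success, 0 otherwise. */
static int parse_pnm_header(const char *s, char *magic, size_t magic_size,
                            unsigned long *width, unsigned long *height)
{
    struct pnm_in in = { (const unsigned char *)s, strlen(s), 0 };
    char tok[TOKEN_MAX];
    char *end;
    int n;

    n = get_token_bounded(&in, tok, sizeof tok);
    if (n <= 0 || (size_t)n + 1 > magic_size)
        return 0;
    memcpy(magic, tok, (size_t)n + 1);

    n = get_token_bounded(&in, tok, sizeof tok);
    if (n <= 0) return 0;
    *width = strtoul(tok, &end, 10);
    if (*end != '\0') return 0;

    n = get_token_bounded(&in, tok, sizeof tok);
    if (n <= 0) return 0;
    *height = strtoul(tok, &end, 10);
    return *end == '\0';
}

/* Wrappers over constructed string input, convenient for checking results. */
static int first_token_len(const char *s)
{
    struct pnm_in in = { (const unsigned char *)s, strlen(s), 0 };
    char tok[TOKEN_MAX];
    return get_token_bounded(&in, tok, sizeof tok);
}

static unsigned long header_width(const char *s)   /* 0 if header rejected */
{
    char magic[4];
    unsigned long w = 0, h = 0;
    return parse_pnm_header(s, magic, sizeof magic, &w, &h) ? w : 0;
}

int main(void)
{
    /* Constructed headers: one well-formed, one with a 26-digit width field. */
    const char *good = "P6\n# constructed comment\n640 480\n255\n";
    const char *oversized = "P6\n11111111111111111111111111 480\n255\n";
    printf("good width: %lu\n", header_width(good));                 /* 640 */
    printf("oversized accepted: %s\n", header_width(oversized) ? "yes" : "no");
    return 0;
}
```

The point of the example is that the reader stops at `buf_size - 1` bytes and reports failure instead of continuing to write, so an over-long header field is rejected by the caller rather than overrunning the stack buffer; the caller must check for the -1 result, not just for 0.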

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package           Affected versions   Patched versions
libpng (NuGet)    < 1.6.37            1.6.37

Affected products: 2

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 10

News mentions: 0

No linked articles in our index yet.