CVE-2022-36752

medium

Description

png2webp v1.0.4 was discovered to contain an out-of-bounds write via the function w2p. This vulnerability is exploitable via a crafted png file.

References

https://github.com/landfillbaby/png2webp/issues/3

https://github.com/landfillbaby/png2webp/commit/8f21ad79b0cd98fc22d5b49734543101946abbff

Details

Source: Mitre, NVD

Published: 2022-07-28

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.02933