{"id":"CVE-2020-28248","details":"An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file.","aliases":["GHSA-q5wr-fvpq-p67g"],"modified":"2026-04-11T09:46:24.938090Z","published":"2021-02-20T00:15:12.483Z","references":[{"type":"ADVISORY","url":"https://github.com/gemini-testing/png-img/compare/v3.0.0...v3.1.0"},{"type":"FIX","url":"https://github.com/gemini-testing/png-img/commit/14ac462a32ca4b3b78f56502ac976d5b0222ce3d"},{"type":"PACKAGE","url":"https://github.com/gemini-testing/png-img"},{"type":"EVIDENCE","url":"https://securitylab.github.com/advisories/GHSL-2020-142-gemini-png-img"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gemini-testing/png-img","events":[{"introduced":"0"},{"fixed":"3665569bac8aaa01014add5cb79801645fd94e3c"},{"fixed":"14ac462a32ca4b3b78f56502ac976d5b0222ce3d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.1.0"}]}}],"versions":["v0.1.1","v0.2.0","v0.2.1","v0.3.0","v0.4.0","v0.4.1","v1.0.0","v1.1.0","v1.1.1","v1.1.2","v1.1.3","v1.1.4","v2.0.0","v2.1.0","v2.1.1","v2.2.0","v2.3.0","v3.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28248.json","vanir_signatures_modified":"2026-04-11T09:46:24Z","vanir_signatures":[{"signature_type":"Function","id":"CVE-2020-28248-0a0dfe46","signature_version":"v1","deprecated":false,"source":"https://github.com/gemini-testing/png-img/commit/14ac462a32ca4b3b78f56502ac976d5b0222ce3d","digest":{"length":253,"function_hash":"247540405358534864148916063282642105731"},"target":{"function":"PngImg::InitStorage_","file":"src/PngImg.cc"}},{"signature_type":"Line","id":"CVE-2020-28248-e7d4e48e","signature_version":"v1","deprecated":false,"source":"https://github.com/gemini-testing/png-img/commit/14ac462a32ca4b3b78f56502ac976d5b0222ce3d","digest":{"threshold":0.9,"line_hashes":["236923606706807126852737180229274119136","239734977927648997720820885809752257972","289798947922595080307175432979138576455","238842229380349258414681969259940006383","3128312757959955466674962830250232240","305968787605953264195244417358628798401"]},"target":{"file":"src/PngImg.cc"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}