“While it’s true this bug existed in the libpng library for three decades, this is not a doomsday-level threat,” said Satnam Narang, senior staff research engineer at Tenable, the firm behind the Nessus vulnerability assessment scanner.
The vulnerable png_set_quantize function, previously called png_set_dither, is rarely used, and exploitation of the flaw is tricky.
These factors lower the true severity of this flaw despite the “high” severity rating and CVSS score of 8.3, according to Narang.
