Libpng : Security Vulnerabilities, CVEs, Published In 2014 (Denial of service)

CVE-2014-0333

The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.
Max CVSS
5.0
EPSS Score
0.90%
Published
2014-02-27
Updated
2014-03-26

CVE-2013-7354

Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.
Max CVSS
5.0
EPSS Score
0.65%
Published
2014-05-06
Updated
2016-12-31

CVE-2013-7353

Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.
Max CVSS
5.0
EPSS Score
0.38%
Published
2014-05-06
Updated
2016-12-31

CVE-2013-6954

The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
Max CVSS
5.0
EPSS Score
13.29%
Published
2014-01-12
Updated
2018-01-05
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close