CVE Vulnerabilities

CVE-2014-0333

Published: Feb 27, 2014 | Modified: Mar 26, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu
LOW

The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.

Affected Software

Name Vendor Start Version End Version
Libpng Libpng 1.6.0 (including) 1.6.0 (including)
Libpng Libpng 1.6.0-beta (including) 1.6.0-beta (including)
Libpng Libpng 1.6.1 (including) 1.6.1 (including)
Libpng Libpng 1.6.1-beta (including) 1.6.1-beta (including)
Libpng Libpng 1.6.2 (including) 1.6.2 (including)
Libpng Libpng 1.6.2-beta (including) 1.6.2-beta (including)
Libpng Libpng 1.6.3 (including) 1.6.3 (including)
Libpng Libpng 1.6.3-beta (including) 1.6.3-beta (including)
Libpng Libpng 1.6.4 (including) 1.6.4 (including)
Libpng Libpng 1.6.4-beta (including) 1.6.4-beta (including)
Libpng Libpng 1.6.5 (including) 1.6.5 (including)
Libpng Libpng 1.6.6 (including) 1.6.6 (including)
Libpng Libpng 1.6.7 (including) 1.6.7 (including)
Libpng Libpng 1.6.7-beta (including) 1.6.7-beta (including)
Libpng Libpng 1.6.8 (including) 1.6.8 (including)
Libpng Libpng 1.6.8-beta (including) 1.6.8-beta (including)
Libpng Libpng 1.6.9 (including) 1.6.9 (including)
Libpng Libpng 1.6.9-beta (including) 1.6.9-beta (including)

References