CVE

CVE-2013-6954
Date: (C)2014-01-15   (M)2024-03-22


The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-58974
SECUNIA-59058
BID-64493
FEDORA-2014-1754
FEDORA-2014-1766
FEDORA-2014-1770
FEDORA-2014-1778
FEDORA-2014-1803
GLSA-201406-32
MDVSA-2014:035
RHSA-2014:0413
RHSA-2014:0414
SSRT101667
SSRT101668
VU#650142
http://advisories.mageia.org/MGASA-2014-0075.html
http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c
http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/
http://www-01.ibm.com/support/docview.wss?uid=swg21672080
http://www-01.ibm.com/support/docview.wss?uid=swg21676746
http://www.libpng.org/pub/png/libpng.html
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
https://bugzilla.redhat.com/show_bug.cgi?id=1045561
https://www.ibm.com/support/docview.wss?uid=swg21675973
openSUSE-SU-2014:0100

CPE    14
cpe:/a:libpng:libpng:1.6.7:beta
cpe:/a:libpng:libpng:1.6.2
cpe:/a:libpng:libpng:1.6.1
cpe:/a:libpng:libpng:1.6.0
...
OVAL    18
oval:org.secpod.oval:def:106382
oval:org.secpod.oval:def:106404
oval:org.secpod.oval:def:106349
oval:org.secpod.oval:def:106414
...

© SecPod Technologies