CVE-2013-7353
Mandriva Linux Security Advisory 2014-084
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.
Desbordamiento de enteros en la función png_set_unknown_chunks en libpng/pngset.c en libpng anterior a 1.5.14beta08 permite a atacantes dependientes de contexto causar una denegación de servicio (fallo de segmentación y caída) a través de un imagen manipulado, lo que provoca un desbordamiento de buffer basado en memoria dinámica.
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c. An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. An attacker could create a specially-crafted image file and render it with an application written to explicitly call png_set_sPLT() or png_set_text_2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application. An integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks() API function of libpng. An attacker could create a specially-crafted image file and render it with an application written to explicitly call png_set_unknown_chunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-04-10 CVE Reserved
- 2014-05-06 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/oss-sec/2014/q2/83 | Mailing List |
|
| http://www.securityfocus.com/bid/67345 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html | 2016-12-31 | |
| http://sourceforge.net/p/libpng/bugs/199 | 2016-12-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | <= 1.5.13 Search vendor "Libpng" for product "Libpng" and version " <= 1.5.13" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.0 Search vendor "Libpng" for product "Libpng" and version "1.5.0" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.1 Search vendor "Libpng" for product "Libpng" and version "1.5.1" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.1 Search vendor "Libpng" for product "Libpng" and version "1.5.1" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.2 Search vendor "Libpng" for product "Libpng" and version "1.5.2" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.2 Search vendor "Libpng" for product "Libpng" and version "1.5.2" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.3 Search vendor "Libpng" for product "Libpng" and version "1.5.3" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.4 Search vendor "Libpng" for product "Libpng" and version "1.5.4" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.4 Search vendor "Libpng" for product "Libpng" and version "1.5.4" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.5 Search vendor "Libpng" for product "Libpng" and version "1.5.5" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.5 Search vendor "Libpng" for product "Libpng" and version "1.5.5" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.6 Search vendor "Libpng" for product "Libpng" and version "1.5.6" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.6 Search vendor "Libpng" for product "Libpng" and version "1.5.6" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.7 Search vendor "Libpng" for product "Libpng" and version "1.5.7" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.7 Search vendor "Libpng" for product "Libpng" and version "1.5.7" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.8 Search vendor "Libpng" for product "Libpng" and version "1.5.8" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.8 Search vendor "Libpng" for product "Libpng" and version "1.5.8" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.9 Search vendor "Libpng" for product "Libpng" and version "1.5.9" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.9 Search vendor "Libpng" for product "Libpng" and version "1.5.9" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.10 Search vendor "Libpng" for product "Libpng" and version "1.5.10" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.11 Search vendor "Libpng" for product "Libpng" and version "1.5.11" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.11 Search vendor "Libpng" for product "Libpng" and version "1.5.11" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.12 Search vendor "Libpng" for product "Libpng" and version "1.5.12" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.13 Search vendor "Libpng" for product "Libpng" and version "1.5.13" | beta |
Affected
| ||||||