CVE-2013-7354
Mandriva Linux Security Advisory 2014-084
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.
Múltiples desbordamientos de enteros en libpng anterior a 1.5.14rc03 permiten a atacantes remotos causar una denegación de servicio (caída) a través de un imagen manipulado hacia la función (1) png_set_sPLT o (2) png_set_text_2, lo que provoca un desbordamiento de buffer basado en memoria dinámica.
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c. An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. An attacker could create a specially-crafted image file and render it with an application written to explicitly call png_set_sPLT() or png_set_text_2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application. An integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks() API function of libpng. An attacker could create a specially-crafted image file and render it with an application written to explicitly call png_set_unknown_chunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2014-04-10 CVE Reserved
- 2014-05-06 CVE Published
- 2025-06-09 CVE Updated
- 2025-06-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-189: Numeric Errors
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/oss-sec/2014/q2/83 | Mailing List |
|
| http://www.securityfocus.com/bid/67344 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html | 2016-12-31 | |
| http://sourceforge.net/p/libpng/bugs/199 | 2016-12-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | <= 1.5.13 Search vendor "Libpng" for product "Libpng" and version " <= 1.5.13" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.0 Search vendor "Libpng" for product "Libpng" and version "1.5.0" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.1 Search vendor "Libpng" for product "Libpng" and version "1.5.1" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.1 Search vendor "Libpng" for product "Libpng" and version "1.5.1" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.2 Search vendor "Libpng" for product "Libpng" and version "1.5.2" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.2 Search vendor "Libpng" for product "Libpng" and version "1.5.2" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.3 Search vendor "Libpng" for product "Libpng" and version "1.5.3" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.4 Search vendor "Libpng" for product "Libpng" and version "1.5.4" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.4 Search vendor "Libpng" for product "Libpng" and version "1.5.4" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.5 Search vendor "Libpng" for product "Libpng" and version "1.5.5" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.5 Search vendor "Libpng" for product "Libpng" and version "1.5.5" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.6 Search vendor "Libpng" for product "Libpng" and version "1.5.6" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.6 Search vendor "Libpng" for product "Libpng" and version "1.5.6" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.7 Search vendor "Libpng" for product "Libpng" and version "1.5.7" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.7 Search vendor "Libpng" for product "Libpng" and version "1.5.7" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.8 Search vendor "Libpng" for product "Libpng" and version "1.5.8" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.8 Search vendor "Libpng" for product "Libpng" and version "1.5.8" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.9 Search vendor "Libpng" for product "Libpng" and version "1.5.9" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.9 Search vendor "Libpng" for product "Libpng" and version "1.5.9" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.10 Search vendor "Libpng" for product "Libpng" and version "1.5.10" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.11 Search vendor "Libpng" for product "Libpng" and version "1.5.11" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.11 Search vendor "Libpng" for product "Libpng" and version "1.5.11" | beta |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.12 Search vendor "Libpng" for product "Libpng" and version "1.5.12" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | 1.5.13 Search vendor "Libpng" for product "Libpng" and version "1.5.13" | beta |
Affected
| ||||||