Computer Security
[EN] securityvulns.ru no-pyccku


libpng security vulnerabilities
updated since 15.05.2014
Published:20.04.2015
Source:
SecurityVulns ID:13773
Type:library
Threat Level:
6/10
Description:Few integer overflows lead to heap buffer overrun.
Affected:libpng : libpng 1.5
CVE:CVE-2014-9495 (Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.)
 CVE-2014-0333 (The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.)
 CVE-2013-7354 (Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.)
 CVE-2013-7353 (Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.)
Original documentdocumentMANDRIVA, [ MDVSA-2015:090 ] libpng (20.04.2015)
 documentMANDRIVA, [ MDVSA-2014:084 ] libpng (15.05.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod