CVE-2013-6954MEDIUM
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
References
http://advisories.mageia.org/MGASA-2014-0075.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html
http://marc.info/?l=bugtraq&m=140852886808946&w=2
http://marc.info/?l=bugtraq&m=140852974709252&w=2
http://secunia.com/advisories/58974
http://secunia.com/advisories/59058
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c
http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/
http://www.kb.cert.org/vuls/id/650142
http://www.libpng.org/pub/png/libpng.html
http://www.mandriva.com/security/advisories?name=MDVSA-2014:035
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
http://www.securityfocus.com/bid/64493
http://www-01.ibm.com/support/docview.wss?uid=swg21672080
http://www-01.ibm.com/support/docview.wss?uid=swg21676746
https://access.redhat.com/errata/RHSA-2014:0413
https://access.redhat.com/errata/RHSA-2014:0414
Details
Source: MITRE
Published: 2014-01-12
Updated: 2018-01-05
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.0:beta:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.1:beta:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.2:beta:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.3:beta:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.4:beta:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.7:beta:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:*:beta:*:*:*:*:*:* versions up to 1.6.8 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 82324 | Mandriva Linux Security Advisory : libpng12 (MDVSA-2015:071) | Nessus | Mandriva Local Security Checks | medium |
| 80046 | openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1) | Nessus | SuSE Local Security Checks | critical |
| 80045 | openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1645-1) | Nessus | SuSE Local Security Checks | critical |
| 79039 | RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2014:0982) | Nessus | Red Hat Local Security Checks | critical |
| 79011 | RHEL 5 / 6 : java-1.6.0-sun (RHSA-2014:0414) | Nessus | Red Hat Local Security Checks | medium |
| 79010 | RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0413) | Nessus | Red Hat Local Security Checks | critical |
| 77812 | IBM Notes 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities | Nessus | Windows | critical |
| 77811 | IBM Domino 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (credentialed check) (POODLE) | Nessus | Windows | critical |
| 77810 | IBM Domino 9.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (uncredentialed check) | Nessus | Misc. | critical |
| 77728 | VMware Security Updates for vCenter Server (VMSA-2014-0008) | Nessus | Misc. | critical |
| 77727 | VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0008) | Nessus | Windows | critical |
| 76900 | RHEL 7 : java-1.7.1-ibm (RHSA-2014:0705) | Nessus | Red Hat Local Security Checks | critical |
| 76870 | AIX Java Advisory : java_apr2014_advisory.asc | Nessus | AIX Local Security Checks | critical |
| 76303 | GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT) | Nessus | Gentoo Local Security Checks | critical |
| 75395 | openSUSE Security Update : libpng16 (openSUSE-SU-2014:0100-1) | Nessus | SuSE Local Security Checks | medium |
| 74387 | Fedora 19 : libpng-1.5.13-3.fc19 (2014-6717) | Nessus | Fedora Local Security Checks | medium |
| 74284 | SuSE 11.3 Security Update : IBM Java 6 (SAT Patch Number 9256) | Nessus | SuSE Local Security Checks | critical |
| 74254 | SuSE 11.3 Security Update : IBM Java 7 (SAT Patch Number 9263) | Nessus | SuSE Local Security Checks | critical |
| 74232 | Fedora 20 : libpng-1.6.6-3.fc20 (2014-6631) | Nessus | Fedora Local Security Checks | medium |
| 74031 | RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2014:0508) | Nessus | Red Hat Local Security Checks | critical |
| 74007 | SuSE 11.3 Security Update : OpenJDK (SAT Patch Number 9209) | Nessus | SuSE Local Security Checks | critical |
| 74005 | RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2014:0486) | Nessus | Red Hat Local Security Checks | critical |
| 73868 | Debian DSA-2923-1 : openjdk-7 - security update | Nessus | Debian Local Security Checks | critical |
| 73612 | Oracle JRockit R27 < R27.8.2 / R28 < R28.3.2 Multiple Vulnerabilities (April 2014 CPU) | Nessus | Windows | critical |
| 73608 | RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0412) | Nessus | Red Hat Local Security Checks | critical |
| 73571 | Oracle Java SE Multiple Vulnerabilities (April 2014 CPU) (Unix) | Nessus | Misc. | critical |
| 73570 | Oracle Java SE Multiple Vulnerabilities (April 2014 CPU) | Nessus | Windows | critical |
| 73315 | Fedora 20 : mingw-libpng-1.6.10-1.fc20 (2014-4564) | Nessus | Fedora Local Security Checks | medium |
| 72550 | Mandriva Linux Security Advisory : libpng (MDVSA-2014:035) | Nessus | Mandriva Local Security Checks | medium |
| 72447 | Fedora 20 : libpng15-1.5.17-2.fc20 (2014-1803) | Nessus | Fedora Local Security Checks | medium |
| 72446 | Fedora 20 : libpng12-1.2.50-6.fc20 (2014-1770) | Nessus | Fedora Local Security Checks | medium |
| 72445 | Fedora 19 : libpng12-1.2.50-4.fc19 (2014-1766) | Nessus | Fedora Local Security Checks | medium |
| 72378 | Fedora 20 : libpng10-1.0.60-6.fc20 (2014-1778) | Nessus | Fedora Local Security Checks | medium |
| 72377 | Fedora 19 : libpng10-1.0.60-6.fc19 (2014-1754) | Nessus | Fedora Local Security Checks | medium |