Description
Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://sourceforge.net/p/libpng/bugs/199/
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q2/83
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/67345
Scores
CVSS v3
6.5
EPSS
0.0041
EPSS Percentile
61.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-190
CWE-122
CWE-189
Status
published
Products (15)
libpng/libpng
1.5.0 beta
libpng/libpng
1.5.1 (2 CPE variants)
libpng/libpng
1.5.2 (2 CPE variants)
libpng/libpng
1.5.3 beta
libpng/libpng
1.5.4 (2 CPE variants)
libpng/libpng
1.5.5 (2 CPE variants)
libpng/libpng
1.5.6 (2 CPE variants)
libpng/libpng
1.5.7 (2 CPE variants)
libpng/libpng
1.5.8 (2 CPE variants)
libpng/libpng
1.5.9 (2 CPE variants)
... and 5 more
Published
May 06, 2014
Tracked Since
Feb 18, 2026