CVE-2014-9495

HIGH

libpng <1.5.21, <1.6.16 - Buffer Overflow

Title source: llm

Description

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

Exploits (1)

nomisec WORKING POC

by Enessar · poc

https://github.com/Enessar/LibPNG_OSS-Fuzz

View Code ZIP pw:eip

References (11)

[Mailing List] http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

[Third Party Advisory] http://secunia.com/advisories/62725

[Product] http://sourceforge.net/p/png-mng/mailman/message/33172831/

[Product] http://sourceforge.net/p/png-mng/mailman/message/33173461/

[Mailing List] http://www.openwall.com/lists/oss-security/2015/01/04/3

[Vendor Advisory] http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/71820

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1031444

[Vendor Advisory] https://support.apple.com/HT206167

[Mailing List] http://www.openwall.com/lists/oss-security/2015/01/10/1

[Mailing List] http://www.openwall.com/lists/oss-security/2015/01/10/3

Scores

CVSS v3 8.8

EPSS 0.0349

EPSS Percentile 87.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-119 CWE-122

Status draft

Affected Products (31)

apple/mac_os_x < 10.11.3

libpng/libpng < 1.5.20

libpng/libpng

... and 16 more

Timeline

Published Jan 10, 2015

Tracked Since Feb 18, 2026