CVE-2014-9495

HIGH

libpng <1.5.21, <1.6.16 - Buffer Overflow

Title source: llm

Description

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

Exploits (1)

nomisec WORKING POC

by Enessar · poc

https://github.com/Enessar/LibPNG_OSS-Fuzz

View Code ZIP pw:eip

References (11)

Core 11

Core References

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2015/01/04/3

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/71820

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT206167

Product mailing-list x_refsource_mlist

http://sourceforge.net/p/png-mng/mailman/message/33173461/

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2015/01/10/1

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2015/01/10/3

Product mailing-list x_refsource_mlist

http://sourceforge.net/p/png-mng/mailman/message/33172831/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1031444

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/62725

Scores

CVSS v3 8.8

EPSS 0.0349

EPSS Percentile 87.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-119 CWE-122

Status published

Products (18)

apple/mac_os_x < 10.11.3

libpng/libpng 1.6.0 (2 CPE variants)

libpng/libpng 1.6.1 (2 CPE variants)

libpng/libpng 1.6.2 (2 CPE variants)

libpng/libpng 1.6.3 (2 CPE variants)

libpng/libpng 1.6.4 (2 CPE variants)

libpng/libpng 1.6.5

libpng/libpng 1.6.6

libpng/libpng 1.6.7 (2 CPE variants)

libpng/libpng 1.6.8 (2 CPE variants)

... and 8 more

Published Jan 10, 2015

Tracked Since Feb 18, 2026