PT-2014-1891 · Libpng+2

Published: 2014-05-06 · Updated: 2025-06-09 · CVE-2013-7354

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libpng versions prior to 1.6.10
libpng versions prior to 1.5.14rc03

Description

Multiple integer overflows in libpng can be exploited remotely to cause a denial of service (crash) through a heap-based buffer overflow. The overflow is triggered when a crafted image is processed by the png_set_sPLT or png_set_text_2 function.

Recommendations

For libpng versions prior to 1.6.10, update to version 1.6.10 or later. For libpng versions prior to 1.5.14rc03, update to version 1.5.14rc03 or later. As a temporary workaround, consider restricting the use of the png_set_sPLT and png_set_text_2 functions until a patch is available.

Fix

DoS

Heap Based Buffer Overflow

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2014-2488
BDU:2015-09756
CVE-2013-7354
MGASA-2014-0210
MGASA-2014-0211
OPENSUSE-SU-2024:10184-1

Affected Products

Alt Linux
Suse
Libpng