CVE-2013-7354

Related Files

Mandriva Linux Security Advisory 2015-071

Posted Mar 27, 2015

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-071 - The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c. An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. An attacker could create a specially-crafted image file and render it with an application written to explicitly call png_set_sPLT() or png_set_text_2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application. An integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks() API function of libpng. An attacker could create a specially-crafted image file and render it with an application written to explicitly call png_set_unknown_chunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application.

tags | advisory, remote, denial of service, overflow, arbitrary

systems | linux, mandriva

advisories | CVE-2013-6954, CVE-2013-7353, CVE-2013-7354

SHA-256 | 79e6f9f1c0221f60661c24bfe726dbe52958e2b9547ab07f77561284659f24eb

Download | Favorite | View

Gentoo Linux Security Advisory 201408-06

Posted Aug 14, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-6 - Multiple vulnerabilities have been discovered in libpng which can allow a remote attacker to cause a Denial of Service condition. Versions less than 1.6.10 are affected.

tags | advisory, remote, denial of service, vulnerability

systems | linux, gentoo

advisories | CVE-2013-7353, CVE-2013-7354, CVE-2014-0333

SHA-256 | d30d09fec9bcf10c9b41888af15d3e75411f140253319d7e244b00fb476a98d7

Download | Favorite | View

Mandriva Linux Security Advisory 2014-084

Posted May 12, 2014

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-084 - An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. An attacker could create a specially-crafted image file and render it with an application written to explicitly call png_set_sPLT() or png_set_text_2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application. An integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks() API function of libpng. An attacker could create a specially-crafted image file and render it with an application written to explicitly call png_set_unknown_chunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application.

tags | advisory, overflow, arbitrary

systems | linux, mandriva

advisories | CVE-2013-7353, CVE-2013-7354

SHA-256 | a60abe3fca9dbfb31e8be94464a9a310e779cb905f75d8613acc47d39ac65940

Download | Favorite | View