6.5

CVE-2013-6954

Exploit
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibpngLibpng Updatebeta Version <= 1.6.8
LibpngLibpng Version1.6.0
LibpngLibpng Version1.6.0 Updatebeta
LibpngLibpng Version1.6.1
LibpngLibpng Version1.6.1 Updatebeta
LibpngLibpng Version1.6.2
LibpngLibpng Version1.6.2 Updatebeta
LibpngLibpng Version1.6.3
LibpngLibpng Version1.6.3 Updatebeta
LibpngLibpng Version1.6.4
LibpngLibpng Version1.6.4 Updatebeta
LibpngLibpng Version1.6.5
LibpngLibpng Version1.6.6
LibpngLibpng Version1.6.7
LibpngLibpng Version1.6.7 Updatebeta
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.69% 0.906
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.libpng.org/pub/png/libpng.html
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
https://access.redhat.com/errata/RHSA-2014:0414
http://marc.info/?l=bugtraq&m=140852886808946&w=2
http://marc.info/?l=bugtraq&m=140852974709252&w=2
http://secunia.com/advisories/58974
http://secunia.com/advisories/59058
http://www-01.ibm.com/support/docview.wss?uid=swg21672080
http://www-01.ibm.com/support/docview.wss?uid=swg21676746
https://access.redhat.com/errata/RHSA-2014:0413
https://www.ibm.com/support/docview.wss?uid=swg21675973
http://advisories.mageia.org/MGASA-2014-0075.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html
http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c
Patch
Exploit
http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/
Patch
http://www.kb.cert.org/vuls/id/650142
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2014:035
http://www.securityfocus.com/bid/64493
https://bugzilla.redhat.com/show_bug.cgi?id=1045561