Vulnerability Note VU#650142
libpng 1.6.1 through 1.6.7 contain a null-pointer dereference vulnerability
libpng versions 1.6.1 through 1.6.7 fail to reject colormapped images with empty palettes, leading to a null-pointer dereference (crash) in png_do_expand_palette().
The PNG Development Group has reported that "libpng versions 1.6.1 through 1.6.7 fail to reject colormapped images with empty palettes, leading to a null-pointer dereference (crash) in png_do_expand_palette()".
An attacker may be able to exploit an application that uses libpng to execute arbitrary code or cause a denial-of-service.
Apply an Update
libpng 1.6.8 has addressed this vulnerability.
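A pre-parse check for the condition described above, as an added example that is not part of the original note or of libpng's code: it walks the PNG chunk list and flags a colormapped image (IHDR color type 3) that reaches IDAT with no PLTE chunk or a zero-length one. The function and constant names, and reading "empty palette" as either of those two cases, are assumptions of this example; the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes (names are this example's own, not libpng's). */
enum { PNG_OK = 0, PNG_EMPTY_PALETTE = 1, PNG_MALFORMED = -1 };

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
/* Walk the chunk list and report a colormapped image (IHDR color type 3)
 * that reaches IDAT without a non-empty PLTE. CRCs are not verified. */
int check_png_palette(const unsigned char *buf, size_t len) {
    static const unsigned char sig[8] = {0x89,'P','N','G','\r','\n',0x1a,'\n'};
    size_t off = 8;
    int color_type = -1;            /* -1 until IHDR has been read */
    uint32_t palette_bytes = 0;     /* length of the last PLTE chunk seen */
    if (len < 8 || memcmp(buf, sig, 8) != 0) return PNG_MALFORMED;
    while (len - off >= 12) {       /* 4 length + 4 type + 4 CRC */
        uint32_t clen = be32(buf + off);
        const unsigned char *type = buf + off + 4;
        if (clen > len - off - 12) return PNG_MALFORMED;   /* truncated */
        if (color_type < 0) {       /* first chunk must be a 13-byte IHDR */
            if (memcmp(type, "IHDR", 4) != 0 || clen != 13) return PNG_MALFORMED;
            color_type = buf[off + 8 + 9];   /* byte 9 of the IHDR data */
        } else if (memcmp(type, "PLTE", 4) == 0) {
            palette_bytes = clen;
        } else if (memcmp(type, "IDAT", 4) == 0) {
            if (color_type == 3 && palette_bytes == 0) return PNG_EMPTY_PALETTE;
            return PNG_OK;
        }
        off += 12 + (size_t)clen;
    }
    return PNG_MALFORMED;           /* ran out of data before any IDAT */
}
/* Constructed sample: 1x1 colormapped image, zero-length PLTE, CRCs zeroed. */
static const unsigned char sample_empty_plte[] = {
    0x89,'P','N','G','\r','\n',0x1a,'\n',
    0,0,0,13, 'I','H','D','R', 0,0,0,1, 0,0,0,1, 8,3,0,0,0, 0,0,0,0,
    0,0,0,0,  'P','L','T','E', 0,0,0,0,
    0,0,0,1,  'I','D','A','T', 0, 0,0,0,0,
    0,0,0,0,  'I','E','N','D', 0,0,0,0
};
int main(void) {
    printf("%d\n", check_png_palette(sample_empty_plte, sizeof sample_empty_plte));
    return 0;
}
```

The check only inspects chunk headers, so it can run on untrusted input before the file is handed to the decoder.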
Vendor Information
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|libpng|Affected|-|09 Jan 2014|
CVSS Metrics
Thanks to Glenn Randers-Pehrson for reporting this vulnerability.
This document was written by Jared Allar.
- CVE IDs: CVE-2013-6954
- Date Public: 19 Dec 2013
- Date First Published: 09 Jan 2014
- Date Last Updated: 09 Jan 2014
- Document Revision: 4