Vulnerability Note VU#684412
libpng denial-of-service vulnerability
libpng versions 1.6.0 through 1.6.9 contain a denial-of-service vulnerability.
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') - CVE-2014-0333
Glenn Randers Pehrson of the PNG Development Group reports:
Decoding a malformed .png file may cause the target application to become unresponsive.
Apply an Update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|libpng||Affected||-||25 Feb 2014|
CVSS Metrics (Learn More)
Thanks to Glenn Randers-Pehrson for reporting this vulnerability.
This document was written by Todd Lewellen.
- CVE IDs: CVE-2014-0333
- Date Public: 25 Feb 2014
- Date First Published: 25 Feb 2014
- Date Last Updated: 25 Feb 2014
- Document Revision: 4
If you have feedback, comments, or additional information about this vulnerability, please send us email.