search menu icon-carat-right cmu-wordmark

CERT Coordination Center


libpng 1.6.1 through 1.6.7 contain a null-pointer dereference vulnerability

Vulnerability Note VU#650142

Original Release Date: 2014-01-09 | Last Revised: 2014-01-09

Overview

libpng versions 1.6.1 through 1.6.7 fail to reject colormapped images with empty palettes, leading to a null-pointer dereference (crash) in png_do_expand_palette().

Description

The PNG Development Group has reported that "libpng versions 1.6.1 through 1.6.7 fail to reject colormapped images with empty palettes, leading to a null-pointer dereference (crash) in png_do_expand_palette()".

Impact

An attacker may be able to exploit an application that uses libpng to execute arbitrary code or cause a denial-of-service.

Solution

Apply an Update

libpng 1.6.8 has addressed this vulnerability.

Vendor Information

650142
Expand all

libpng

Updated:  January 09, 2014

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base 3.3 AV:L/AC:M/Au:N/C:P/I:P/A:N
Temporal 2.4 E:U/RL:OF/RC:C
Environmental 2.5 CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Glenn Randers-Pehrson for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2013-6954
Date Public: 2013-12-19
Date First Published: 2014-01-09
Date Last Updated: 2014-01-09 18:01 UTC
Document Revision: 4

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.