CVE-2013-7354Heap-based Buffer Overflow in Libpng

CWE-189CWE-122Heap-based Buffer OverflowCWE-190Integer Overflow or Wraparound13 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.6%
top 31.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libpng
Timeline
PublishedMay 6
Latest updateMay 17

Description

Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDlibpng/libpng1.5.13+14

🔴Vulnerability Details

3
GHSA
GHSA-65xw-3h2x-5pw4: Multiple integer overflows in libpng before 12022-05-17
OSV
CVE-2013-7354: Multiple integer overflows in libpng before 12014-05-06
CVEList
CVE-2013-7354: Multiple integer overflows in libpng before 12014-05-06

📋Vendor Advisories

2
Red Hat
libpng: integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2()2014-04-11
Debian
CVE-2013-7354: libpng1.6 - Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to...2013

💬Community

7
Bugzilla
CVE-2013-7353 CVE-2013-7354 mingw32-libpng: various flaws [epel-5]2014-04-11
Bugzilla
CVE-2013-7353 CVE-2013-7354 mingw-libpng: various flaws [fedora-19]2014-04-11
Bugzilla
CVE-2013-7353 CVE-2013-7354 libpng: various flaws [fedora-19]2014-04-11
Bugzilla
CVE-2013-7353 CVE-2013-7354 mingw32-libpng: various flaws [epel-6]2014-04-11
Bugzilla
CVE-2013-7354 libpng: integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2()2014-04-11