CVE-2014-9495 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libpng

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow CWE-120 — Classic Buffer Overflow14 documents7 sources

Severity

8.8HIGHNVD

EPSS

3.5%

top 12.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libpng1.6 Debian Texlive-bin Apple MAC OS X +3 more

Timeline

PublishedJan 10

Latest updateMay 17

Description

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶debiandebian/libpng1.6< libpng1.6 1.6.16-1 (bookworm)

▶NVDlibpng/libpng1.5.20+16

▶debiandebian/texlive-bin< libpng1.6 1.6.16-1 (bookworm)

▶NVDapple/mac_os_x10.11.3

▶NVDoracle/solaris11.2

🔴Vulnerability Details

GHSA

GHSA-wpr3-pfv2-chjq: Heap-based buffer overflow in the png_combine_row function in libpng before 1↗2022-05-17

▶

GHSA

GHSA-5gg5-9r5r-wpgh: Buffer overflow in the png_read_IDAT_data function in pngrutil↗2022-05-17

▶

OSV

CVE-2015-0973: Buffer overflow in the png_read_IDAT_data function in pngrutil↗2015-01-18

▶

OSV

CVE-2014-9495: Heap-based buffer overflow in the png_combine_row function in libpng before 1↗2015-01-10

▶

📋Vendor Advisories

Debian

CVE-2015-0973: libpng1.6 - Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng befor...↗2015

▶

Red Hat

libpng: Heap-buffer overflow png_combine_row() with very wide interlaced images↗2014-12-22

▶

Red Hat

libpng: buffer overflow in png_combine_row↗2014-12-22

▶

Debian

CVE-2014-9495: libpng1.6 - Heap-based buffer overflow in the png_combine_row function in libpng before 1.5....↗2014

▶

Apple

CVE-2014-9495: OS X El Capitan v10.11.4 and Security Update 2016-002↗

▶

💬Community

Bugzilla

CVE-2014-9495 libpng: buffer overflow in png_combine_row↗2015-01-06

▶

Bugzilla

CVE-2014-9495 libpng15: libpng: buffer overflow in png_combine_row [fedora-all]↗2015-01-06

▶

Bugzilla

CVE-2014-9495 libpng: buffer overflow in png_combine_row [fedora-all]↗2015-01-06

▶