CVE-2014-9495
Published: 2015-01-10
Priority: P3 · 48 · high · CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 3.89% (88.9th percentile)
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | <= 10.11.3 | — |
| apple | os_x_el_capitan_v10.11.4_and_security_update_2016-002 | — | — |
| debian | libpng1.6 | < libpng1.6 1.6.16-1 (bookworm) | libpng1.6 1.6.16-1 (bookworm) |
| debian | texlive-bin | < libpng1.6 1.6.16-1 (bookworm) | libpng1.6 1.6.16-1 (bookworm) |
| libpng | libpng | <= 1.5.20 | — |
| libpng | libpng | — | — |
| oracle | solaris | — | — |
CVSS provenance
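| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |
| vendor_redhat | — | 8.8 | HIGH | — |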
Debian
CVE-2015-0973: libpng1.6 - Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng befor...
vendor_debian·2015·CVSS 8.8
CVE-2015-0973 [HIGH] CVE-2015-0973: libpng1.6 - Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng befor...
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
Scope: local
bookworm: resolved (fixed in 1.6.16-1)
bullseye: resolved (fixed in 1.6.16-1)
forky: resolved (fixed in 1.6.16-1)
sid: resolved (fixed in 1.6.16-1)
trixie: resolved (fixed in 1.6.16-1)
Red Hat
libpng: Heap-buffer overflow png_combine_row() with very wide interlaced images
vendor_redhat·2014-12-22·CVSS 8.8
CVE-2015-0973 [HIGH] CWE-122 libpng: Heap-buffer overflow png_combine_row() with very wide interlaced images
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
Statement: Not vulnerable. This issue does not affect the version of libpng as shipped with Red Hat Enterprise Linux 5, 6 and 7. For a more detailed explanation please refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1177327#c1
Package: libpng (Red Hat Enterprise Linux 5) - Not affected
Package: libpng (Red Hat Enterprise Linux 6) - Not affected
Package: libpng (Red Hat Enterprise Linux 7) - Not affected
Red Hat
libpng: buffer overflow in png_combine_row
vendor_redhat·2014-12-22·CVSS 8.8
CVE-2014-9495 [HIGH] libpng: buffer overflow in png_combine_row
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
Statement: Not vulnerable. This issue does not affect the version of libpng as shipped with Red Hat Enterprise Linux 5, 6 and 7. For a more detailed explanation please refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1177327#c1
Package: libpng (Red Hat Enterprise Linux 5) - Not affected
Package: libpng (Red Hat Enterprise Linux 6) - Not affected
Package: libpng (Red Hat Enterprise Linux 7) - Not affected
Package: libpng12 (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2014-9495: libpng1.6 - Heap-based buffer overflow in the png_combine_row function in libpng before 1.5....
vendor_debian·2014·CVSS 8.8
CVE-2014-9495 [HIGH] CVE-2014-9495: libpng1.6 - Heap-based buffer overflow in the png_combine_row function in libpng before 1.5....
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
Scope: local
bookworm: resolved (fixed in 1.6.16-1)
bullseye: resolved (fixed in 1.6.16-1)
forky: resolved (fixed in 1.6.16-1)
sid: resolved (fixed in 1.6.16-1)
trixie: resolved (fixed in 1.6.16-1)
Apple
CVE-2014-9495: OS X El Capitan v10.11.4 and Security Update 2016-002
vendor_apple·CVSS 8.8
CVE-2014-9495 [HIGH] CVE-2014-9495: OS X El Capitan v10.11.4 and Security Update 2016-002
Apple Security Update: About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002
Product: OS X El Capitan v10.11.4 and Security Update 2016-002
CVE: CVE-2014-9495
Component: CVE-2014-9495
GHSA
GHSA-wpr3-pfv2-chjq: Heap-based buffer overflow in the png_combine_row function in libpng before 1
ghsa_unreviewed·2022-05-17
CVE-2014-9495 [HIGH] CWE-119 GHSA-wpr3-pfv2-chjq: Heap-based buffer overflow in the png_combine_row function in libpng before 1
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
GHSA
GHSA-5gg5-9r5r-wpgh: Buffer overflow in the png_read_IDAT_data function in pngrutil
ghsa_unreviewed·2022-05-17·CVSS 8.8
CVE-2015-0973 [HIGH] CWE-119 GHSA-5gg5-9r5r-wpgh: Buffer overflow in the png_read_IDAT_data function in pngrutil
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
OSV
CVE-2015-0973: Buffer overflow in the png_read_IDAT_data function in pngrutil
osv·2015-01-18·CVSS 8.8
CVE-2015-0973 [HIGH] CVE-2015-0973: Buffer overflow in the png_read_IDAT_data function in pngrutil
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
OSV
CVE-2014-9495: Heap-based buffer overflow in the png_combine_row function in libpng before 1
osv·2015-01-10·CVSS 8.8
CVE-2014-9495 [HIGH] CVE-2014-9495: Heap-based buffer overflow in the png_combine_row function in libpng before 1
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-9495 libpng: buffer overflow in png_combine_row
bugzilla·2015-01-06·CVSS 8.8
CVE-2014-9495 [HIGH] CVE-2014-9495 libpng: buffer overflow in png_combine_row
It was reported [1] that libpng versions 1.6.9-1.6.15 contain a heap overflow vulnerability that, under certain circumstances [2], can allow a controlled write.
Other versions of libpng might be vulnerable as well.
This looks like the upstream commit that fixes this:
http://sourceforge.net/p/libpng/code/ci/dc294204b641373bc6eb603075a8b98f51a75dd8/
[1]: http://seclists.org/oss-sec/2015/q1/31
[2]: http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt
Discussion:
Created libpng tracking bugs for this issue:
Affects: fedora-all [bug 1179188]
---
Created libpng15 tracking bugs for this issue:
Affects: fedora-all [bug 1179189]
---
*** This bug has been marked as a duplicate of bug 1177327 ***
---
Statement:
Not vulnerable. This
Bugzilla
CVE-2014-9495 libpng15: libpng: buffer overflow in png_combine_row [fedora-all]
bugzilla·2015-01-06·CVSS 8.8
CVE-2014-9495 [HIGH] CVE-2014-9495 libpng15: libpng: buffer overflow in png_combine_row [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions o
Bugzilla
CVE-2014-9495 libpng: buffer overflow in png_combine_row [fedora-all]
bugzilla·2015-01-06·CVSS 8.8
CVE-2014-9495 [HIGH] CVE-2014-9495 libpng: buffer overflow in png_combine_row [fedora-all]
NOTE: this issue affects multiple supported versions of Fedora.
References
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://secunia.com/advisories/62725
http://sourceforge.net/p/png-mng/mailman/message/33172831/
http://sourceforge.net/p/png-mng/mailman/message/33173461/
http://www.openwall.com/lists/oss-security/2015/01/04/3
http://www.openwall.com/lists/oss-security/2015/01/10/1
http://www.openwall.com/lists/oss-security/2015/01/10/3
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/71820
http://www.securitytracker.com/id/1031444
https://support.apple.com/HT206167