search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

libpng 1.6.1 through 1.6.7 contain a null-pointer dereference vulnerability

Vulnerability Note VU#650142

Original Release Date: 2014-01-09 | Last Revised: 2014-01-09

Overview

libpng versions 1.6.1 through 1.6.7 fail to reject colormapped images with empty palettes, leading to a null-pointer dereference (crash) in png_do_expand_palette().

Description

The PNG Development Group has reported that "libpng versions 1.6.1 through 1.6.7 fail to reject colormapped images with empty palettes, leading to a null-pointer dereference (crash) in png_do_expand_palette()".

Impact

An attacker may be able to exploit an application that uses libpng to execute arbitrary code or cause a denial-of-service.

Solution

Apply an Update

libpng 1.6.8 has addressed this vulnerability.

Vendor Information

650142
 
Expand all

libpng Affected

Updated:  January 09, 2014

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base 3.3 AV:L/AC:M/Au:N/C:P/I:P/A:N
Temporal 2.4 E:U/RL:OF/RC:C
Environmental 2.5 CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

http://www.libpng.org/pub/png/libpng.html

Acknowledgements

Thanks to Glenn Randers-Pehrson for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2013-6954
Date Public: 2013-12-19
Date First Published: 2014-01-09
Date Last Updated: 2014-01-09 18:01 UTC
Document Revision: 5

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis