CVE-2013-6954
Published: 12 January 2014
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
Notes
| Author | Note |
|---|---|
| mdeslaur | vulnerable code introduced in 1.6.1. In 1.2.x, png_ptr->palette is always set in png_set_PLTE() in pngset.c. |
| jdstrand | openjdk uses system png |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libpng Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| raring |
Not vulnerable
|
|
| saucy |
Not vulnerable
|
|
| upstream |
Released
(1.6.8)
|
|
|
Patches: upstream: http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c |
||
|
openjdk-7 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Does not exist
(trusty was ignored [uses system libjpeg6b])
|
|
| upstream |
Released
(7u55-2.4.7-1)
|
|