CVE-2013-6954
Published: 12 January 2014
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
Notes
Author | Note |
---|---|
mdeslaur | vulnerable code introduced in 1.6.1. In 1.2.x, png_ptr->palette is always set in png_set_PLTE() in pngset.c. |
jdstrand | openjdk uses system png |
Priority
Status
Package | Release | Status |
---|---|---|
libpng Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
upstream |
Released
(1.6.8)
|
|
Patches: upstream: http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c |
||
openjdk-7 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was ignored [uses system libjpeg6b])
|
|
upstream |
Released
(7u55-2.4.7-1)
|