Vulnerability Description
The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.
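A pre-decode check for the condition described above, as an added example (not libpng code and not part of the original advisory): it walks the PNG chunk list and reports an IDAT chunk whose length field is zero. The function name `scan_png_idat`, the result codes and the sample buffers are this example's own; the samples are constructed with zeroed CRC fields, and CRCs are not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes for scan_png_idat() (names are this example's own). */
enum { PNG_SCAN_OK = 0, PNG_SCAN_EMPTY_IDAT = 1, PNG_SCAN_MALFORMED = -1 };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk the chunk list (4-byte length, 4-byte type, data, 4-byte CRC) and
 * report the first zero-length IDAT. CRCs are not verified here. */
int scan_png_idat(const uint8_t *buf, size_t len) {
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    size_t off = 8;
    if (len < 8 || memcmp(buf, sig, 8) != 0)
        return PNG_SCAN_MALFORMED;
    while (len - off >= 12) {            /* room for length + type + CRC */
        uint32_t clen = be32(buf + off);
        const uint8_t *type = buf + off + 4;
        if (clen > len - off - 12)       /* chunk data runs past the buffer */
            return PNG_SCAN_MALFORMED;
        if (memcmp(type, "IDAT", 4) == 0 && clen == 0)
            return PNG_SCAN_EMPTY_IDAT;
        if (memcmp(type, "IEND", 4) == 0)
            return PNG_SCAN_OK;
        off += 12 + (size_t)clen;
    }
    return PNG_SCAN_MALFORMED;           /* data ended before IEND */
}

/* Constructed samples: signature, IHDR, IDAT, IEND. CRC fields are zeroed
 * placeholders, so these buffers are not decodable images. */
#define SIG  0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'
#define IHDR 0,0,0,13, 'I','H','D','R', 0,0,0,1, 0,0,0,1, 8,0,0,0,0, 0,0,0,0
#define IEND 0,0,0,0, 'I','E','N','D', 0,0,0,0
static const uint8_t sample_empty_idat[] = { SIG, IHDR, 0,0,0,0, 'I','D','A','T', 0,0,0,0, IEND };
static const uint8_t sample_normal[] = { SIG, IHDR, 0,0,0,2, 'I','D','A','T', 0x78,0x9c, 0,0,0,0, IEND };
static const uint8_t sample_truncated[] = { SIG, IHDR, 0,0,0,9, 'I','D','A','T', 0x78, 0,0,0 };

int main(void) {
    printf("empty IDAT: %d\n", scan_png_idat(sample_empty_idat, sizeof sample_empty_idat));
    printf("normal:     %d\n", scan_png_idat(sample_normal, sizeof sample_normal));
    printf("truncated:  %d\n", scan_png_idat(sample_truncated, sizeof sample_truncated));
    return 0;
}
```

A check like this is a triage aid for files bound for a progressive decoder; it does not replace applying the patch listed under References.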
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libpng | Libpng | 1.6.0 |
Related Weaknesses (CWE)
References
- ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff (Patch)
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00029.html
- http://www.kb.cert.org/vuls/id/684412 (Patch, US Government Resource)
- https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.d
FAQ
What is CVE-2014-0333?
CVE-2014-0333 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an ...
How severe is CVE-2014-0333?
CVE-2014-0333 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-0333?
Check the references section above for vendor advisories and patch information. Affected products include: Libpng Libpng.