Numeric Errors Affecting libpng1.6 package, versions <1.6.10-1
Threat Intelligence
EPSS: 0.9% (83rd percentile)
- Snyk ID SNYK-DEBIAN11-LIBPNG16-520856
- published 27 Feb 2014
- disclosed 27 Feb 2014
Introduced: 27 Feb 2014
- CVE-2014-0333
How to fix?
Upgrade Debian:11 libpng1.6 to version 1.6.10-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream libpng1.6 package and not the libpng1.6 package as distributed by Debian.
See How to fix? for Debian:11 relevant fixed versions and status.
The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.
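A file-level check for the condition described above, added here as an example (it is not code from libpng, Debian or Snyk): it walks the PNG chunk list and reports any IDAT chunk whose declared length is zero. The function names and the command-line usage are assumptions made for this sketch; it can screen untrusted images ahead of a decoder that is not yet upgraded, and does not replace the upgrade.

```python
"""Flag PNG data that contains an IDAT chunk with a declared length of zero."""
import struct
import sys

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def iter_chunks(data):
    """Yield (offset, type, length) per chunk; stop at IEND or at truncation."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        yield pos, ctype, length
        if ctype == b"IEND":
            return
        # 4 (length) + 4 (type) + data + 4 (CRC): always advances, even for length 0
        pos += 12 + length


def zero_length_idat_offsets(data):
    """Return the byte offset of every IDAT chunk whose declared length is zero."""
    return [off for off, ctype, length in iter_chunks(data)
            if ctype == b"IDAT" and length == 0]


def scan_file(path):
    """Read one file and return the offsets of its zero-length IDAT chunks."""
    with open(path, "rb") as fh:
        return zero_length_idat_offsets(fh.read())


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: scan_png.py FILE.png [FILE.png ...]")
    status = 0
    for path in sys.argv[1:]:
        try:
            hits = scan_file(path)
        except (OSError, ValueError) as exc:
            print(f"{path}: skipped ({exc})")
            continue
        if hits:
            status = 1
            print(f"{path}: zero-length IDAT at offset(s) {hits}")
    sys.exit(status)
```

The script exits with status 1 when any scanned file contains a zero-length IDAT chunk, so it can gate an upload or ingestion step.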
References
- https://security-tracker.debian.org/tracker/CVE-2014-0333
- http://www.kb.cert.org/vuls/id/684412
- ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff
- https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00029.html