CVE-2013-6954 — Vulnetix

Try Vulnetix Request Demo

CVE-2013-6954 PUBLISHED CVSS 5 MEDIUM

The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.

EPSS 3.55% · 87.6th percentile

Risk Scores

CVSS v2.0

5

EPSS Score

3.55%

87.6th percentile

Affected Products

Vendor	Product	Versions
libpng	libpng	1.6.3, 0, 1.6.0
n/a	n/a	n/a

Timeline

Jan 12, 2014 CVE Published
Jan 5, 2018 CVE Updated
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Aug 25, 2023 EPSS Score

References

https://www.ibm.com/support/docview.wss?uid=swg21675973 url
RHSA-2014:0414 vendor-advisory
GLSA-201406-32 vendor-advisory
http://advisories.mageia.org/MGASA-2014-0075.html url
FEDORA-2014-1803 vendor-advisory
openSUSE-SU-2014:0100 vendor-advisory
HPSBUX03091 vendor-advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21672080 url
http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c url
VU#650142 third-party-advisory
RHSA-2014:0413 vendor-advisory
59058 third-party-advisory
HPSBUX03092 vendor-advisory
64493 vdb
58974 third-party-advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html url
https://bugzilla.redhat.com/show_bug.cgi?id=1045561 url
MDVSA-2014:035 vendor-advisory
FEDORA-2014-1754 vendor-advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676746 url

…and 8 more

Open in Interactive Console →