CVE-2014-0333 — Vulnetix

CVE-2014-0333 PUBLISHED CVSS 5 MEDIUM

The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.

EPSS 0.76% · 73.8th percentile

Risk Scores

CVSS 2.0

EPSS Score

0.76%

73.8th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
libpng	libpng	1.6.0, 1.6.0, 1.6.1

Exploit Intelligence

ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff (circl)
https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff (circl)
openSUSE-SU-2014:0358 (circl)
VU#684412 (circl)

Timeline

Feb 27, 2014 CVE Published
Mar 26, 2014 CVE Updated
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 16, 2023 EPSS Score

References

ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff url
https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff url
openSUSE-SU-2014:0358 vendor-advisory
VU#684412 third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2014-0333 advisory

Open in Interactive Console →