CVE-2014-0333

The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
libpnglibpng
1.6.0
libpnglibpng
1.6.0:beta
libpnglibpng
1.6.1
libpnglibpng
1.6.1:beta
libpnglibpng
1.6.2
libpnglibpng
1.6.2:beta
libpnglibpng
1.6.3
libpnglibpng
1.6.3:beta
libpnglibpng
1.6.4
libpnglibpng
1.6.4:beta
libpnglibpng
1.6.5
libpnglibpng
1.6.6
libpnglibpng
1.6.7
libpnglibpng
1.6.7:beta
libpnglibpng
1.6.8
libpnglibpng
1.6.8:beta
libpnglibpng
1.6.9
libpnglibpng
1.6.9:beta
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libpng1.6
bullseye
1.6.37-3
fixed
bookworm
1.6.39-2
fixed
sid
1.6.44-2
fixed
trixie
1.6.44-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libpng
saucy
not-affected
quantal
not-affected
precise
not-affected
lucid
not-affected
Common Weakness Enumeration
References
ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff
http://lists.opensuse.org/opensuse-updates/2014-03/msg00029.html
http://www.kb.cert.org/vuls/id/684412
https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff
ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff
http://lists.opensuse.org/opensuse-updates/2014-03/msg00029.html
http://www.kb.cert.org/vuls/id/684412
https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff