Your submission was sent successfully! Close

CVE-2014-0333

Published: 27 February 2014

The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.

Notes

AuthorNote
mdeslaur
only 1.6.0+
jdstrand
libpng1.6 1.6.8-2 is affected, but not in the Ubuntu archive
Priority

Low

Status

Package Release Status
libpng
Launchpad, Ubuntu, Debian
lucid Not vulnerable

precise Not vulnerable

quantal Not vulnerable

saucy Not vulnerable

trusty Not vulnerable

upstream Needs triage