Red Hat Bugzilla – Bug 1070985
CVE-2014-0333 libpng: denial of service via png_push_read_chunk()
Last modified: 2015-09-05 15:03:51 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-0333 to
the following vulnerability:
The png_push_read_chunk function in pngpread.c in the progressive
decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause
a denial of service (infinite loop and CPU consumption) via an IDAT
chunk with a length of zero.
The upstream commit is here:
Note that this only affects libpng 1.6.0 through 1.6.9.
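A pre-parse check for the input condition the CVE text describes (an IDAT chunk whose length field is zero), as an added example; it is not libpng code and not the upstream fix. The function name `png_has_empty_idat` and the sample bytes are assumptions made for illustration, and the sample is constructed with zeroed CRC fields.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample (not a real image): signature, IHDR, zero-length IDAT, IEND; CRCs zeroed. */
const unsigned char sample_empty_idat[] = {
    0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
    0, 0, 0, 13, 'I', 'H', 'D', 'R', 0, 0, 0, 1, 0, 0, 0, 1, 8, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 'I', 'D', 'A', 'T', 0, 0, 0, 0,
    0, 0, 0, 0, 'I', 'E', 'N', 'D', 0, 0, 0, 0
};

/* PNG chunk lengths are 32-bit big-endian. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/*
 * Walk the chunk list of a PNG held in memory (hypothetical helper).
 * Returns 1 if an IDAT chunk with length 0 is present, 0 if none is found,
 * -1 if the signature is wrong or the data does not split into whole chunks.
 * Only the chunk framing is inspected; CRCs are not verified.
 */
int png_has_empty_idat(const unsigned char *buf, size_t len)
{
    static const unsigned char sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    size_t off = 8;

    if (len < 8 || memcmp(buf, sig, 8) != 0)
        return -1;
    while (len - off >= 12) {               /* length + type + CRC */
        uint32_t clen = be32(buf + off);
        const unsigned char *type = buf + off + 4;

        if (clen > len - off - 12)
            return -1;                      /* chunk runs past the buffer */
        if (memcmp(type, "IDAT", 4) == 0 && clen == 0)
            return 1;                       /* condition named in CVE-2014-0333 */
        if (memcmp(type, "IEND", 4) == 0)
            return 0;
        off += 12 + (size_t)clen;
    }
    return off == len ? 0 : -1;
}

int main(void)
{
    printf("%d\n", png_has_empty_idat(sample_empty_idat, sizeof sample_empty_idat));
    return 0;
}
```

A front end could run a check like this and reject flagged files before handing data to the progressive decoder on systems still carrying libpng 1.6.0 through 1.6.9.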
Not vulnerable. This issue did not affect the versions of libpng as shipped with Red Hat Enterprise Linux 5 or 6.
Created libpng tracking bugs for this issue:
Affects: fedora-20 [bug 1070987]
Created mingw-libpng tracking bugs for this issue:
Affects: fedora-20 [bug 1070988]
mingw-libpng-1.6.10-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.