Bug 1070985 (CVE-2014-0333) - CVE-2014-0333 libpng: denial of service via png_push_read_chunk()
Summary: CVE-2014-0333 libpng: denial of service via png_push_read_chunk()
Alias: CVE-2014-0333
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1070987 1070988
TreeView+ depends on / blocked
Reported: 2014-02-27 21:17 UTC by Vincent Danen
Modified: 2021-02-17 06:49 UTC (History)
1 user (show)

Fixed In Version: libpng 1.6.10
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-09-05 19:03:51 UTC

Attachments (Terms of Use)

Description Vincent Danen 2014-02-27 21:17:15 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-0333 to
the following vulnerability:

Name: CVE-2014-0333
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0333
Assigned: 20131205
Reference: CONFIRM:ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff
Reference: https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff
Reference: CERT-VN:VU#684412
Reference: http://www.kb.cert.org/vuls/id/684412

The png_push_read_chunk function in pngpread.c in the progressive
decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause
a denial of service (infinite loop and CPU consumption) via an IDAT
chunk with a length of zero.

The upstream commit is here:


Note that this only affects libpng 1.6.0 through 1.6.9.

Comment 1 Vincent Danen 2014-02-27 21:23:08 UTC

Not vulnerable. This issue did not affect the versions of libpng as shipped with Red Hat Enterprise Linux 5 or 6.

Comment 2 Vincent Danen 2014-02-27 21:23:46 UTC
Created libpng tracking bugs for this issue:

Affects: fedora-20 [bug 1070987]

Comment 3 Vincent Danen 2014-02-27 21:23:49 UTC
Created mingw-libpng tracking bugs for this issue:

Affects: fedora-20 [bug 1070988]

Comment 4 Fedora Update System 2014-04-02 09:27:03 UTC
mingw-libpng-1.6.10-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.