fkie_nvd - fkie_cve-2013-7353

fkie_cve-2013-7353

Vulnerability from fkie_nvd

Published

2014-05-06 14:55

Modified

2025-06-09 16:15

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html
cve@mitre.org	http://seclists.org/oss-sec/2014/q2/83
cve@mitre.org	http://sourceforge.net/p/libpng/bugs/199/	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/67345
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/oss-sec/2014/q2/83
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/p/libpng/bugs/199/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/67345

Impacted products

Vendor	Product	Version
libpng	libpng	*
libpng	libpng	1.5.0
libpng	libpng	1.5.1
libpng	libpng	1.5.1
libpng	libpng	1.5.2
libpng	libpng	1.5.2
libpng	libpng	1.5.3
libpng	libpng	1.5.4
libpng	libpng	1.5.4
libpng	libpng	1.5.5
libpng	libpng	1.5.5
libpng	libpng	1.5.6
libpng	libpng	1.5.6
libpng	libpng	1.5.7
libpng	libpng	1.5.7
libpng	libpng	1.5.8
libpng	libpng	1.5.8
libpng	libpng	1.5.9
libpng	libpng	1.5.9
libpng	libpng	1.5.10
libpng	libpng	1.5.11
libpng	libpng	1.5.11
libpng	libpng	1.5.12
libpng	libpng	1.5.13

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63A83C24-6658-4687-9391-21EE7969A5E4",
              "versionEndIncluding": "1.5.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "C8BA2974-AF9F-4382-B443-F54354B5623A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE8BC209-45B9-44D6-A26D-0B570ED5BB19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "468B1A0E-AF58-42C4-9801-D6F83F283360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6644ED2F-66F3-469D-8233-72FE7321E850",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:beta:*:*:*:*:*:*",
              "matchCriteriaId": "B36D610D-F86A-4D46-B0F2-884FFA601C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.3:beta:*:*:*:*:*:*",
              "matchCriteriaId": "C8A976DD-87FA-425D-8E07-E3CFC4D3FD05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F34978D-6ABE-463E-AB48-21CC55B7D157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:beta:*:*:*:*:*:*",
              "matchCriteriaId": "3716FF0E-AD20-46F8-B8F6-3EC42D427C90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A4568BB-F5FF-4BBB-9DA3-E66C2BFA2416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:beta:*:*:*:*:*:*",
              "matchCriteriaId": "E5300EC4-B3A0-42C5-8D39-67AB75C47153",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "246CF13F-FDC1-499E-9FC1-5624D54E9E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:beta:*:*:*:*:*:*",
              "matchCriteriaId": "D5840A8E-AB64-40A9-8BB6-EB6BA51D40B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC66FD43-421B-4223-BA32-EC47B51E1091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.7:beta:*:*:*:*:*:*",
              "matchCriteriaId": "EEC9D57C-47F2-4773-85B6-FFB0C4681E0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F5664B-5AB9-4DE4-99AA-8FD32DBA4A4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.8:beta:*:*:*:*:*:*",
              "matchCriteriaId": "5CD1C8E6-DF35-47F7-877F-001AD62B57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7712376-D776-4814-A041-FBFEAC70ADC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.9:beta:*:*:*:*:*:*",
              "matchCriteriaId": "DF69B34E-F7FB-4F4C-AF7D-ACD165B1233B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.10:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F7CC2E64-E48C-4DE6-892D-06A0B806A51B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "65DEDF02-9239-497C-94DB-DAF80B6B4F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.11:beta:*:*:*:*:*:*",
              "matchCriteriaId": "5BE62DB2-664D-4E0A-840F-09D13E41704A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CAAECD8-0C16-40CC-BA8A-97DF38BAF668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.5.13:beta:*:*:*:*:*:*",
              "matchCriteriaId": "561D5D7A-1933-4A6D-940E-8DD035AA31B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enteros en la funci\u00f3n png_set_unknown_chunks en libpng/pngset.c en libpng anterior a 1.5.14beta08 permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n y ca\u00edda) a trav\u00e9s de un imagen manipulado, lo que provoca un desbordamiento de buffer basado en memoria din\u00e1mica."
    }
  ],
  "id": "CVE-2013-7353",
  "lastModified": "2025-06-09T16:15:23.980",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2014-05-06T14:55:05.010",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/oss-sec/2014/q2/83"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sourceforge.net/p/libpng/bugs/199/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/67345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q2/83"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sourceforge.net/p/libpng/bugs/199/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67345"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        },
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2013-7353 (GCVE-0-2013-7353)

Vulnerability from cvelistv5

Published

2014-05-06 14:00