CVE-2013-6954

NameCVE-2013-6954
DescriptionThe png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2923-1
NVD severitymedium (attack range: remote)
Debian/oldoldstablenot vulnerable.
Debian/oldstablepackage openjdk-7 is vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libpng (PTS)squeeze, squeeze (security)1.2.44-1+squeeze4fixed
wheezy1.2.49-1fixed
stretch, sid, jessie1.2.50-2fixed
openjdk-7 (PTS)wheezy7u3-2.1.7-1vulnerable
wheezy (security)7u79-2.5.5-1~deb7u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libpngsource(unstable)(not affected)
openjdk-7sourcewheezy7u55-2.4.7-1~deb7u1mediumDSA-2923-1

Notes

- libpng <not-affected> (Vulnerable code introduced in 1.6.1)
https://bugzilla.redhat.com/show_bug.cgi?id=1045561
http://sourceforge.net/mailarchive/message.php?msg_id=31751422

Search for package or bug name: Reporting problems