Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9495

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2014-9495
Last Modified 05 Feb 2015 09:59:38
Published 10 Jan 2015 02:59:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9495

Summary

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

Vulnerable Systems

Application

  • Libpng 1.5.20

  • Libpng 1.6.0

  • Libpng 1.6.1

  • Libpng 1.6.10

  • Libpng 1.6.11

  • Libpng 1.6.12

  • Libpng 1.6.13

  • Libpng 1.6.14

  • Libpng 1.6.15

  • Libpng 1.6.2

  • Libpng 1.6.3

  • Libpng 1.6.4

  • Libpng 1.6.5

  • Libpng 1.6.6

  • Libpng 1.6.7

  • Libpng 1.6.8

  • Libpng 1.6.9


References

SECTRACK - 1031444

BID - 71820

MLIST - [oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow

MISC - http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt

MLIST - [png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available

MLIST - [oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow

MLIST - [oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow

MLIST - [png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available

SECUNIA - 62725


Last Updated: 27 May 2016 11:07:29