CVE-2013-7354: Buffer Overflow
First published: Tue May 06 2014(Updated: )
Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libp2p | <=1.5.13 | |
| libp2p | =1.5.0-beta | |
| libp2p | =1.5.1 | |
| libp2p | =1.5.1-beta | |
| libp2p | =1.5.2 | |
| libp2p | =1.5.2-beta | |
| libp2p | =1.5.3-beta | |
| libp2p | =1.5.4 | |
| libp2p | =1.5.4-beta | |
| libp2p | =1.5.5 | |
| libp2p | =1.5.5-beta | |
| libp2p | =1.5.6 | |
| libp2p | =1.5.6-beta | |
| libp2p | =1.5.7 | |
| libp2p | =1.5.7-beta | |
| libp2p | =1.5.8 | |
| libp2p | =1.5.8-beta | |
| libp2p | =1.5.9 | |
| libp2p | =1.5.9-beta | |
| libp2p | =1.5.10-beta | |
| libp2p | =1.5.11 | |
| libp2p | =1.5.11-beta | |
| libp2p | =1.5.12 | |
| libp2p | =1.5.13-beta | |
| <=1.5.13 | ||
| =1.5.0-beta | ||
| =1.5.1 | ||
| =1.5.1-beta | ||
| =1.5.2 | ||
| =1.5.2-beta | ||
| =1.5.3-beta | ||
| =1.5.4 | ||
| =1.5.4-beta | ||
| =1.5.5 | ||
| =1.5.5-beta | ||
| =1.5.6 | ||
| =1.5.6-beta | ||
| =1.5.7 | ||
| =1.5.7-beta | ||
| =1.5.8 | ||
| =1.5.8-beta | ||
| =1.5.9 | ||
| =1.5.9-beta | ||
| =1.5.10-beta | ||
| =1.5.11 | ||
| =1.5.11-beta | ||
| =1.5.12 | ||
| =1.5.13-beta |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-7354?
CVE-2013-7354 is considered a moderate severity vulnerability that can lead to denial of service through crashes.
How do I fix CVE-2013-7354?
To fix CVE-2013-7354, upgrade to libpng version 1.5.14rc04 or later.
Which versions of libpng are affected by CVE-2013-7354?
CVE-2013-7354 affects all versions of libpng prior to 1.5.14rc04.
How does CVE-2013-7354 exploit integer overflows?
CVE-2013-7354 exploits integer overflows in the png_set_sPLT and png_set_text_2 functions to create a heap-based buffer overflow.
Can CVE-2013-7354 allow remote attacks?
Yes, CVE-2013-7354 can allow remote attackers to exploit vulnerabilities by sending a crafted image.
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/tags
- vendor/libpng
- canonical/libp2p
- version/libp2p/1.5.13
- version/libp2p/1.5.0-beta
- version/libp2p/1.5.1
- version/libp2p/1.5.1-beta
- version/libp2p/1.5.2
- version/libp2p/1.5.2-beta
- version/libp2p/1.5.3-beta
- version/libp2p/1.5.4
- version/libp2p/1.5.4-beta
- version/libp2p/1.5.5
- version/libp2p/1.5.5-beta
- version/libp2p/1.5.6
- version/libp2p/1.5.6-beta
- version/libp2p/1.5.7
- version/libp2p/1.5.7-beta
- version/libp2p/1.5.8
- version/libp2p/1.5.8-beta
- version/libp2p/1.5.9
- version/libp2p/1.5.9-beta
- version/libp2p/1.5.10-beta
- version/libp2p/1.5.11
- version/libp2p/1.5.11-beta
- version/libp2p/1.5.12
- version/libp2p/1.5.13-beta