Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-7354

Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.

Published

2014-05-06T14:55:05.043

Last Modified

2025-06-09T16:15:24.220

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-189
  • Type: Secondary
    CWE-122
    CWE-190
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application libpng libpng ≤ 1.5.13 Yes
Application libpng libpng 1.5.0 Yes
Application libpng libpng 1.5.1 Yes
Application libpng libpng 1.5.1 Yes
Application libpng libpng 1.5.2 Yes
Application libpng libpng 1.5.2 Yes
Application libpng libpng 1.5.3 Yes
Application libpng libpng 1.5.4 Yes
Application libpng libpng 1.5.4 Yes
Application libpng libpng 1.5.5 Yes
Application libpng libpng 1.5.5 Yes
Application libpng libpng 1.5.6 Yes
Application libpng libpng 1.5.6 Yes
Application libpng libpng 1.5.7 Yes
Application libpng libpng 1.5.7 Yes
Application libpng libpng 1.5.8 Yes
Application libpng libpng 1.5.8 Yes
Application libpng libpng 1.5.9 Yes
Application libpng libpng 1.5.9 Yes
Application libpng libpng 1.5.10 Yes
Application libpng libpng 1.5.11 Yes
Application libpng libpng 1.5.11 Yes
Application libpng libpng 1.5.12 Yes
Application libpng libpng 1.5.13 Yes
References