CVE-2013-7353 - Numeric Errors vulnerability in Libpng
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family: Fedora Local Security Checks
NASL id: FEDORA_2014-6892.NASL
description:
- Update to 1.5.18
- Fixes CVE-2013-7353 CVE-2013-7354 (RHBZ #1086671)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2014-06-10
plugin id: 74404
published: 2014-06-10
reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/74404
title: Fedora 19 : mingw-libpng-1.5.18-1.fc19 (2014-6892)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-6892.
#

include("compat.inc");

if (description)
{
  script_id(74404);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2013-7353", "CVE-2013-7354");
  script_bugtraq_id(67344, 67345);
  script_xref(name:"FEDORA", value:"2014-6892");

  script_name(english:"Fedora 19 : mingw-libpng-1.5.18-1.fc19 (2014-6892)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
" - Update to 1.5.18 - Fixes CVE-2013-7353 CVE-2013-7354 (RHBZ #1086671) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1086671"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134206.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?bf0e0c32"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected mingw-libpng package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-libpng");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC19", reference:"mingw-libpng-1.5.18-1.fc19")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw-libpng");
}
```
NASL family: SuSE Local Security Checks
NASL id: SUSE_11_LIBPNG-DEVEL-140428.NASL
description: This libpng update fixes the following two overflow security issues.
- Fixed integer overflow that could have lead to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2(). (CVE-2013-7354). (bnc#873123)
- Fixed integer overflow that could have lead to a heap-based buffer overflow in png_set_unknown_chunks(). (CVE-2013-7353). (bnc#873124)
last seen: 2020-06-05
modified: 2014-05-28
plugin id: 74210
published: 2014-05-28
reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/74210
title: SuSE 11.3 Security Update : libpng (SAT Patch Number 9170)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(74210);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2013-7353", "CVE-2013-7354");

  script_name(english:"SuSE 11.3 Security Update : libpng (SAT Patch Number 9170)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This libpng update fixes the following two overflow security issues. - Fixed integer overflow that could have lead to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2(). (CVE-2013-7354). (bnc#873123) - Fixed integer overflow that could have lead to a heap-based buffer overflow in png_set_unknown_chunks(). (CVE-2013-7353). (bnc#873124)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=873123"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=873124"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-7353.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-7354.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9170.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpng12-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpng12-0-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/28");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");

flag = 0;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libpng12-0-1.2.31-5.33.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libpng12-0-1.2.31-5.33.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libpng12-0-32bit-1.2.31-5.33.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"libpng12-0-1.2.31-5.33.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libpng12-0-32bit-1.2.31-5.33.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libpng12-0-32bit-1.2.31-5.33.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201408-06.NASL
description: The remote host is affected by the vulnerability described in GLSA-201408-06 (libpng: Multiple vulnerabilities) The png_push_read_chunk function in pngpread.c in the progressive decoder enters an infinite loop, when it encounters a zero-length IDAT chunk. In addition certain integer overflows have been detected and corrected. The 1.2 branch is not affected by these vulnerabilities.
Impact : A remote attacker could entice a user to open a specially crafted PNG file using an application linked against libpng, possibly resulting in Denial of Service.
Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77213
published: 2014-08-15
reporter: This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/77213
title: GLSA-201408-06 : libpng: Multiple vulnerabilities

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2020-1496.NASL
description: According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
- Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. (CVE-2013-7354)
- Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. (CVE-2013-7353)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-04-30
modified: 2020-04-16
plugin id: 135658
published: 2020-04-16
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/135658
title: EulerOS Virtualization 3.0.2.2 : libpng (EulerOS-SA-2020-1496)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2020-1256.NASL
description: According to the versions of the libpng package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :
- Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. (CVE-2013-7354)
- Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. (CVE-2013-7353)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-19
modified: 2020-03-13
plugin id: 134545
published: 2020-03-13
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/134545
title: EulerOS Virtualization for ARM 64 3.0.2.0 : libpng (EulerOS-SA-2020-1256)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2015-071.NASL
description: Updated libpng12 package fixes security vulnerabilities :
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c (CVE-2013-6954).
An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. An attacker could create a specially crafted image file and render it with an application written to explicitly call png_set_sPLT() or png_set_text_2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application (CVE-2013-7353).
An integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks() API function of libpng. An attacker could create a specially crafted image file and render it with an application written to explicitly call png_set_unknown_chunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application (CVE-2013-7354).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 82324
published: 2015-03-30
reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/82324
title: Mandriva Linux Security Advisory : libpng12 (MDVSA-2015:071)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2014-084.NASL
description: Updated libpng packages fix security vulnerabilities :
An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. An attacker could create a specially crafted image file and render it with an application written to explicitly call png_set_sPLT() or png_set_text_2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application (CVE-2013-7353).
An integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks() API function of libpng. An attacker could create a specially crafted image file and render it with an application written to explicitly call png_set_unknown_chunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application (CVE-2013-7354).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 73976
published: 2014-05-13
reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/73976
title: Mandriva Linux Security Advisory : libpng (MDVSA-2014:084)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2014-347.NASL
description: This libpng12 update fixes the following two security issues.
- bnc#873123: Fixed integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2() (CVE-2013-7354).
- bnc#873124: Fixed integer overflow leading to a heap-based buffer overflow in png_set_unknown_chunks() (CVE-2013-7353).
last seen: 2020-06-05
modified: 2014-06-13
plugin id: 75349
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/75349
title: openSUSE Security Update : libpng12 (openSUSE-SU-2014:0618-1)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2247.NASL
description: According to the versions of the libpng packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. (CVE-2013-7353)
- Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. (CVE-2013-7354)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-08
modified: 2019-11-08
plugin id: 130709
published: 2019-11-08
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/130709
title: EulerOS 2.0 SP3 : libpng (EulerOS-SA-2019-2247)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2383.NASL
description: According to the versions of the libpng packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. (CVE-2013-7353)
- Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. (CVE-2013-7354)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-08
modified: 2019-12-10
plugin id: 131875
published: 2019-12-10
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/131875
title: EulerOS 2.0 SP2 : libpng (EulerOS-SA-2019-2383)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-1975.NASL
description: According to the versions of the libpng packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. (CVE-2013-7353)
- Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. (CVE-2013-7354)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-08
modified: 2019-09-23
plugin id: 129132
published: 2019-09-23
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/129132
title: EulerOS 2.0 SP5 : libpng (EulerOS-SA-2019-1975)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2014-345.NASL
description: This libpng update fixes the following security issue :
- bnc#873124: Fixed integer overflow leading to a heap-based buffer overflow in png_set_unknown_chunks() (CVE-2013-7353).
- bnc#873123: integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2() (CVE-2013-7354)
last seen: 2020-06-05
modified: 2014-06-13
plugin id: 75348
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/75348
title: openSUSE Security Update : libpng15 (openSUSE-SU-2014:0616-1)
References
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html
- http://seclists.org/oss-sec/2014/q2/83
- http://sourceforge.net/p/libpng/bugs/199/
- http://www.securityfocus.com/bid/67345