Vulnerabilities > CVE-2014-0333 - Numeric Errors vulnerability in Libpng

CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
libpng
CWE-189
nessus

Summary

The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-4564.NASL
    description: libpng 1.6.10 bug fix release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-04-03
    plugin id: 73315
    published: 2014-04-03
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/73315
    title: Fedora 20 : mingw-libpng-1.6.10-1.fc20 (2014-4564)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-4564.
    #
    
    include("compat.inc");
    
    # Metadata pass: when 'description' is set, the plugin only registers its
    # identifiers and attributes below and then exits; no host data is read here.
    if (description)
    {
      script_id(73315);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # The Fedora update bundles two CVEs. CVE-2014-0333 is the hang in
      # png_push_read_chunk (progressive reader) on a zero-length IDAT chunk.
      script_cve_id("CVE-2013-6954", "CVE-2014-0333");
      script_bugtraq_id(64493, 65776);
      script_xref(name:"FEDORA", value:"2014-4564");
    
      script_name(english:"Fedora 20 : mingw-libpng-1.6.10-1.fc20 (2014-4564)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The advisory text says only "bug fix release"; the security relevance
      # of this update is carried by the CVE ids and references, not by this text.
      script_set_attribute(
        attribute:"description", 
        value:
    "libpng 1.6.10 bug fix release.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1045561"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1070985"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131016.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?27fc0701"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mingw-libpng package."
      );
      # CVSS v2 base vector: network vector, low complexity, no authentication,
      # no confidentiality or integrity impact, partial availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Declared as a local check: the result depends on package data gathered
      # from the host, not on probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-libpng");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # The three required keys are the same ones the check reads later in this script.
      # Presumably they are populated by ssh_get_info.nasl - confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check: confirm local checks are enabled and the host is Fedora 20 on a
    # supported CPU, then compare the installed mingw-libpng against the fixed build.
    # Each audit() call is used as a terminating exit with a reason code; the code
    # after it relies on that (e.g. 'release' is dereferenced right after its guard).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # '>!<' is NASL's "substring not found in" operator: bail out unless the
    # release string mentions Fedora.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Pull the numeric release out of the banner and require it to be exactly 20.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    # Without a collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386-i686 hosts are evaluated; any other architecture is
    # audited out as "not implemented" rather than reported clean.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    # rpm_check() is defined in rpm.inc (not shown); presumably it returns true when
    # the installed mingw-libpng is older than the reference build - confirm.
    # NOTE(review): this is a package-version comparison only. It does not show
    # whether anything on the host drives the progressive (push) decoder named in
    # CVE-2014-0333, and it covers only mingw-libpng; the native libpng package is
    # handled by a separate Fedora advisory (2014-6631).
    if (rpm_check(release:"FC20", reference:"mingw-libpng-1.6.10-1.fc20")) flag++;
    
    
    if (flag)
    {
      # Report through security_warning() on port 0; with verbosity above 0 the
      # rpm_report_get() output is attached to the finding.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: tell apart "package was tested and is not affected"
      # from "mingw-libpng is not installed at all".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw-libpng");
    }
    
  • NASL family: Windows
    NASL id: VLC_2_1_5.NASL
    description: The version of VLC media player installed on the remote host is prior to 2.1.5. It is, therefore, affected by the following vulnerabilities : - An error exists in the png_push_read_chunk() function within the file 'pngpread.c' from the included libpng library that can allow denial of service attacks (CVE-2014-0333). [This summary is cut short on the page; the plugin code below carries the full description, which also covers CVE-2014-3466 and CVE-2014-6440.]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78626
    published: 2014-10-22
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78626
    title: VLC Media Player < 2.1.5 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Metadata pass: when 'description' is set, the plugin only registers its
    # identifiers and attributes below and then exits; no host data is read here.
    if (description)
    {
      script_id(78626);
      script_version("1.5");
      script_cvs_date("Date: 2019/11/26");
    
      # Three unrelated CVEs are rolled into this one finding: the libpng hang
      # (CVE-2014-0333), a GnuTLS overflow and a VLC transcode-module overflow.
      script_cve_id("CVE-2014-0333", "CVE-2014-3466", "CVE-2014-6440");
      script_bugtraq_id(65776, 67741, 72950);
      script_xref(name:"CERT", value:"684412");
    
      script_name(english:"VLC Media Player < 2.1.5 Multiple Vulnerabilities");
      script_summary(english:"Checks the VLC media player version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a media player that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of VLC media player installed on the remote host is prior
    to 2.1.5. It is, therefore, affected by the following
    vulnerabilities :
    
      - An error exists in the png_push_read_chunk() function
        within the file 'pngpread.c' from the included libpng
        library that can allow denial of service attacks.
        (CVE-2014-0333)
    
      - A buffer overflow error exists in the
        read_server_hello() function within the file
        'lib/gnutls_handshake.c' from the included GnuTLS
        library that can allow arbitrary code execution or
        denial of service. (CVE-2014-3466)
    
      - A heap-based buffer overflow error exists in the
        transcode module due to improper validation of
        user-supplied input when handling invalid channel
        counts. An attacker can exploit this to execute
        arbitrary code. (CVE-2014-6440)");
      script_set_attribute(attribute:"see_also", value:"http://www.videolan.org/developers/vlc-branch/NEWS");
      script_set_attribute(attribute:"see_also", value:"http://www.videolan.org/vlc/releases/2.1.5.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to version 2.1.5 or later.");
      # The vectors below are scored from CVE-2014-6440 (see cvss_score_source), so
      # the finding carries confidentiality/integrity/availability impact. Taken
      # alone, CVE-2014-0333 is availability-only; triage the finding by which of
      # the three issues is actually reachable in the deployment.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-6440");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/22");
    
      # Declared as a local check: the result comes from recorded install data,
      # not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:videolan:vlc_media_player");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Requires the install record for "VLC media player"; presumably written by
      # vlc_installed.nasl - confirm against that plugin.
      script_dependencies("vlc_installed.nasl");
      script_require_keys("installed_sw/VLC media player");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("install_func.inc");
    
    # Version check: read the recorded VLC install and flag it when the version
    # string falls below 2.1.5.
    app_name = "VLC media player";
    
    # get_single_install() is defined in install_func.inc (not shown); with
    # exit_if_unknown_ver:TRUE it presumably stops when no version was recorded - confirm.
    install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
    version = install['version'];
    path    = install['path'];
    
    fix = "2.1.5";
    # '=~' is a regex match. The three patterns cover 0.x and 1.x, 2.0 with any
    # suffix, and 2.1.0 through 2.1.4.
    # NOTE(review): a bare "2.1" with no third component matches none of these and
    # would be audited as not vulnerable - confirm the install record always
    # carries a three-part version.
    # NOTE(review): this is a version comparison only; it does not inspect the
    # libpng or GnuTLS copies that the plugin description says VLC includes.
    if (
      version =~ "^[01]\." ||
      version =~ "^2\.0($|[^0-9])" ||
      version =~ "^2\.1\.[0-4]($|[^0-9])"
    )
    {
      # Attribute the finding to the SMB transport port from the KB, defaulting to 445.
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        # Verbose report: install path, detected version and the fixed version.
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fix + 
          '\n';
        security_hole(extra:report, port:port);
      }
      else security_hole(port:port);
      exit(0);
    }
    # Any version that matched no pattern is audited as installed but not vulnerable.
    else audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201408-06.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201408-06 (libpng: Multiple vulnerabilities). The png_push_read_chunk function in pngpread.c in the progressive decoder enters an infinite loop when it encounters a zero-length IDAT chunk. In addition, certain integer overflows have been detected and corrected. The 1.2 branch is not affected by these vulnerabilities. Impact : A remote attacker could entice a user to open a specially crafted PNG file using an application linked against libpng, possibly resulting in Denial of Service. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77213
    published: 2014-08-15
    reporter: This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/77213
    title: GLSA-201408-06 : libpng: Multiple vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-201.NASL
    description: libpng16 was updated to fix an endless-loop denial of service in the PNG reader code. (CVE-2014-0333 [bnc#866298])
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75285
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75285
    title: openSUSE Security Update : libpng16 (openSUSE-SU-2014:0358-1)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2015-090.NASL
    description: Updated libpng package fixes security vulnerabilities : The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero (CVE-2014-0333). libpng versions 1.6.9 through 1.6.15 have an integer-overflow vulnerability in png_combine_row() when decoding very wide interlaced images, which can allow an attacker to overwrite an arbitrary amount of memory with arbitrary (attacker-controlled) data (CVE-2014-9495).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82343
    published: 2015-03-30
    reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82343
    title: Mandriva Linux Security Advisory : libpng (MDVSA-2015:090)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-6631.NASL
    description: Fix CVE-2013-6954 (#1056853) and CVE-2014-0333 (#1070987). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-05-29
    plugin id: 74232
    published: 2014-05-29
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/74232
    title: Fedora 20 : libpng-1.6.6-3.fc20 (2014-6631)

Seebug

bulletinFamily: exploit
description: Bugtraq ID:65776 CVE ID:CVE-2014-0333 libpng是一款多种应用程序所使用的解析PNG图形格式的函数库。 libpng16中的渐进式解码器在处理零长度IDAT块时存在安全漏洞,允许攻击者利用漏洞构建恶意文件,诱使用户解析,可使应用程序挂起。 0 libpng 1.6.0 -1.6.9 厂商补丁: libpng ----- 用户可参考如下厂商提供的安全补丁以修复该漏洞: https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff
id: SSV:61585
last seen: 2017-11-19
modified: 2014-02-27
published: 2014-02-27
reporter: Root
title: libpng拒绝服务漏洞