Skip to main content

Libpng CVE-2014-0333

MEDIUM
Numeric Errors (CWE-189)
2014-02-27 cret@cert.org
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Feb 27, 2014 - 20:55 cve.org
MEDIUM 5.0

DescriptionCVE.org

The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.

AnalysisAI

The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-189. The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero. Affected products include: Libpng. Version information: through 1.6.9.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Libpng

View all
CVE-2015-0973 HIGH POC
8.8 Jan 18

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows

CVE-2026-25646 HIGH POC
8.3 Feb 10

Denial of service (with limited memory disclosure) in libpng before 1.6.55 lets an attacker supply a specially crafted b

CVE-2015-8540 HIGH
8.8 Apr 14

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.

CVE-2013-6954 MEDIUM POC
6.5 Jan 12

The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL poi

CVE-2025-66293 HIGH POC
7.1 Dec 03

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics)

CVE-2025-65018 HIGH POC
7.1 Nov 25

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics)

CVE-2025-64720 HIGH POC
7.1 Nov 25

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics)

CVE-2019-6129 MEDIUM POC
6.5 Jan 11

png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. Rated medium severity (CVS

CVE-2018-14048 MEDIUM POC
6.5 Jul 13

An issue has been found in libpng 1.6.34. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable,

CVE-2026-22695 MEDIUM POC
6.1 Jan 12

Libpng versions 1.6.51-1.6.53 contain a heap buffer over-read in the simplified API function png_image_finish_read when

CVE-2025-28164 MEDIUM POC
5.5 Jan 27

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_creat

CVE-2025-28162 MEDIUM POC
5.5 Jan 27

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngim

Share

CVE-2014-0333 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy