Red Hat Customer Portal

Skip to main content

CVE-2013-6954

Impact:
Low
Public Date:
2013-12-19
Bugzilla:
1045561: CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or NULL palette

The MITRE CVE dictionary describes this issue as:

The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.

Find out more about CVE-2013-6954 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Not Vulnerable. This issue does not affect the version of libpng as shipped with Red Hat Enterprise Linux 5 and 6.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 4.3
Base Metrics AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Oracle Java for Red Hat Enterprise Linux 5 (java-1.7.0-oracle) RHSA-2014:0413 2014-04-17
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) RHSA-2014:0508 2014-05-15
Red Hat Satellite 5.6 (RHEL v.5) (java-1.6.0-ibm) RHSA-2014:0982 2014-07-29
Red Hat Satellite 5.6 (RHEL v.6) (java-1.6.0-ibm) RHSA-2014:0982 2014-07-29
Red Hat Satellite 5.5 (RHEL v.5) (java-1.6.0-ibm) RHSA-2014:0982 2014-07-29
Red Hat Satellite 5.5 (RHEL v.6) (java-1.6.0-ibm) RHSA-2014:0982 2014-07-29
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) RHSA-2014:0508 2014-05-15
Oracle Java for Red Hat Enterprise Linux 6 (java-1.7.0-oracle) RHSA-2014:0413 2014-04-17
Oracle Java for Red Hat Enterprise Linux 6 (java-1.6.0-sun) RHSA-2014:0414 2014-04-17
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) RHSA-2014:0705 2014-06-10
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-oracle) RHSA-2014:0412 2014-04-17
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm) RHSA-2014:0486 2014-05-13
Red Hat Satellite 5.4 (RHEL v.6) (java-1.6.0-ibm) RHSA-2014:0982 2014-07-29
Red Hat Satellite 5.4 (RHEL v.5) (java-1.6.0-ibm) RHSA-2014:0982 2014-07-29
Oracle Java for Red Hat Enterprise Linux 5 (java-1.6.0-sun) RHSA-2014:0414 2014-04-17
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-ibm) RHSA-2014:0486 2014-05-13
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-oracle) RHSA-2014:0412 2014-04-17

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 libpng Not affected
Red Hat Enterprise Linux 6 libpng Not affected
Red Hat Enterprise Linux 5 java-1.5.0-ibm Not affected
Red Hat Enterprise Linux 5 libpng Not affected
Red Hat Enterprise Linux 6 java-1.5.0-ibm Not affected
Red Hat Enterprise Linux 7 libpng12 Not affected

Last Modified