Lucene search

K
mageiaGentoo FoundationMGASA-2014-0131
HistoryMar 15, 2014 - 8:29 p.m.

Updated libpng package fixes security vulnerability

2014-03-1520:29:56
Gentoo Foundation
advisories.mageia.org
27

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.009

Percentile

82.7%

The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero (CVE-2014-0333).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchlibpng< 1.6.8-1.1libpng-1.6.8-1.1.mga4

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.009

Percentile

82.7%