{"vuid":"VU#650142","idnumber":"650142","name":"libpng 1.6.1 through 1.6.7 contain a null-pointer dereference vulnerability","keywords":["libpng","dos","null","pointer","dereference"],"overview":"libpng versions 1.6.1 through 1.6.7 fail to reject colormapped images with empty palettes, leading to a null-pointer dereference (crash) in png_do_expand_palette().","clean_desc":"The PNG Development Group has reported that \"libpng versions 1.6.1 through 1.6.7 fail to reject colormapped images with empty palettes, leading to a null-pointer dereference (crash) in png_do_expand_palette()\".","impact":"An attacker may be able to exploit an application that uses libpng to execute arbitrary code or cause a denial-of-service.","resolution":"Apply an update. libpng 1.6.8 has addressed this vulnerability.","workarounds":"","sysaffected":"","thanks":"Thanks to Glenn Randers-Pehrson for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["h","t","t","p",":","/","/","w","w","w",".","l","i","b","p","n","g",".","o","r","g","/","p","u","b","/","p","n","g","/","l","i","b","p","n","g",".","h","t","m","l"],"cveids":["CVE-2013-6954"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-12-13T13:50:08Z","publicdate":"2013-12-19T00:00:00Z","datefirstpublished":"2014-01-09T18:01:24Z","dateupdated":"2014-01-09T18:01:26Z","revision":5,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"L","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C",
"cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"H","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"3.3","cvss_basevector":"AV:L/AC:M/Au:N/C:P/I:P/A:N","cvss_temporalscore":"2.4","cvss_environmentalscore":"2.4523983336258","cvss_environmentalvector":"CDP:ND/TD:H/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}