{"vuid":"VU#684412","idnumber":"684412","name":"libpng denial-of-service vulnerability","keywords":["CVE-2014-0333","libpng","CWE-835","DoS"],"overview":"libpng versions 1.6.0 through 1.6.9 contain a denial-of-service vulnerability.","clean_desc":"CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') - CVE-2014-0333\nGlenn Randers-Pehrson of the PNG Development Group reports: The progressive decoder in libpng16 enters an infinite loop, thus hanging the application, when it encounters a zero-length IDAT chunk. Only libpng-1.6.0 and later are affected, and only applications using the progressive reader...The loop consumes CPU time but no memory or other resources.","impact":"Decoding a malformed .png file may cause the target application to become unresponsive.","resolution":"Apply an Update\nThe PNG Development Group has released a patch to address this issue for libpng versions 1.6.0 through 1.6.9. The patch can be found at both simplesystems.org and the libpng Sourceforge project.","workarounds":"","sysaffected":"","thanks":"Thanks to Glenn Randers-Pehrson for reporting this vulnerability.","author":"This document was written by Todd Lewellen.","public":["https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff","ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff"],"cveids":["CVE-2014-0333"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-02-24T20:11:08Z","publicdate":"2014-02-25T00:00:00Z","datefirstpublished":"2014-02-25T17:45:49Z","dateupdated":"2014-02-25T17:45:52Z","revision":5,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"N","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"H","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"4.3","cvss_basevector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","cvss_temporalscore":"3.6","cvss_environmentalscore":"3.55074972588","cvss_environmentalvector":"CDP:N/TD:H/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}