CVE-2014-0333

Publication date 27 February 2014

Last updated 24 July 2024


Ubuntu priority

The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.

Read the notes from the security team

Status

Package Ubuntu Release Status
libpng 13.10 saucy
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Not affected
10.04 LTS lucid
Not affected

Notes


mdeslaur

only 1.6.0+


jdstrand

libpng1.6 1.6.8-2 is affected, but not in the Ubuntu archive