Medium severity 6.5 · NVD Advisory · Published Jan 12, 2014 · Updated Jun 17, 2026

CVE-2013-6954

Description

The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.

Affected products

18
  • Libpng/Libpng: 16 versions
    • cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.1:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.2:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.3:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.4:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.7:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:*:beta:*:*:*:*:*:* range: <=1.6.8
    • (no CPE) range: <1.6.8
  • osv-coords: 2 versions
    • (no CPE) range: < 1.7.0.121-1.1
    • (no CPE) range: < 1.6.26-1.1
