VYPR
Get started
← All advisories
High severity8.8NVD Advisory· Published Jan 10, 2015· Updated May 6, 2026

CVE-2014-9495

CVE-2014-9495

Description

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

Affected products

31
  • Libpng/Libpng30 versions
    cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*+ 29 more
    • cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.10:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.11:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.12:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.13:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.14:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.15:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.1:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.2:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.3:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.4:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.7:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.8:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.6.9:beta:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:*:beta:*:*:*:*:*:*range: <=1.5.20
  • Apple Inc./Mac Os X
    cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
    Range: <=10.11.3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

11

News mentions

0

No linked articles in our index yet.