The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.03546.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a n/a affected
Version Status Constraints
n/a affected

Configuration 1 [-]

OR cpe:2.3:a:libpng:libpng:*:beta:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.0:beta:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.1:beta:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.2:beta:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.3:beta:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.4:beta:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.6.7:beta:*:*:*:*:*:*
Package CPE Advisory Released Date
Oracle Java for Red Hat Enterprise Linux 5
java-1.7.0-oracle-1:1.7.0.55-1jpp.2.el5_10 cpe:/a:redhat:rhel_extras_oracle_java:5 RHSA-2014:0413 2014-04-17T00:00:00Z
java-1.6.0-sun-1:1.6.0.75-1jpp.3.el5_10 cpe:/a:redhat:rhel_extras_oracle_java:5 RHSA-2014:0414 2014-04-17T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 6
java-1.7.0-oracle-1:1.7.0.55-1jpp.1.el6_5 cpe:/a:redhat:rhel_extras_oracle_java:6 RHSA-2014:0413 2014-04-17T00:00:00Z
java-1.6.0-sun-1:1.6.0.75-1jpp.1.el6_5 cpe:/a:redhat:rhel_extras_oracle_java:6 RHSA-2014:0414 2014-04-17T00:00:00Z
Red Hat Network Satellite Server v 5.4
java-1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el5 cpe:/a:redhat:network_satellite:5.4::el5 RHSA-2014:0982 2014-07-29T00:00:00Z
Red Hat Network Satellite Server v 5.5
java-1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el5 cpe:/a:redhat:network_satellite:5.5::el5 RHSA-2014:0982 2014-07-29T00:00:00Z
Red Hat Satellite 5.6
java-1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el5 cpe:/a:redhat:network_satellite:5.6::el5 RHSA-2014:0982 2014-07-29T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
java-1.7.0-oracle-1:1.7.0.55-1jpp.2.el5_10 cpe:/a:redhat:rhel_extras:5 RHSA-2014:0412 2014-04-17T00:00:00Z
java-1.7.0-ibm-1:1.7.0.7.0-1jpp.1.el5_10 cpe:/a:redhat:rhel_extras:5 RHSA-2014:0486 2014-05-13T00:00:00Z
java-1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el5_10 cpe:/a:redhat:rhel_extras:5 RHSA-2014:0508 2014-05-15T00:00:00Z
Supplementary for Red Hat Enterprise Linux 6
java-1.7.0-oracle-1:1.7.0.55-1jpp.1.el6_5 cpe:/a:redhat:rhel_extras:6 RHSA-2014:0412 2014-04-17T00:00:00Z
java-1.7.0-ibm-1:1.7.0.7.0-1jpp.1.el6_5 cpe:/a:redhat:rhel_extras:6 RHSA-2014:0486 2014-05-13T00:00:00Z
java-1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el6_5 cpe:/a:redhat:rhel_extras:6 RHSA-2014:0508 2014-05-15T00:00:00Z
Supplementary for Red Hat Enterprise Linux 7
java-1.7.1-ibm-1:1.7.1.1.0-1jpp.2.el7_0 cpe:/a:redhat:rhel_extras:7 RHSA-2014:0705 2014-06-10T00:00:00Z

No data.

Project Subscriptions

Vendors Products
Libpng Subscribe
Libpng Subscribe
Redhat Subscribe
Network Satellite Subscribe
Rhel Extras Subscribe
Rhel Extras Oracle Java Subscribe
Advisories
Source ID Title
Debian DSA Debian DSA DSA-2923-1 openjdk-7 security update
EUVD EUVD EUVD-2013-6755 The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://advisories.mageia.org/MGASA-2014-0075.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=140852886808946&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=140852974709252&w=2 cve-icon cve-icon
http://secunia.com/advisories/58974 cve-icon cve-icon
http://secunia.com/advisories/59058 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-201406-32.xml cve-icon cve-icon
http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c cve-icon cve-icon
http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/ cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21672080 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21676746 cve-icon cve-icon
http://www.kb.cert.org/vuls/id/650142 cve-icon cve-icon
http://www.libpng.org/pub/png/libpng.html cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2014:035 cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html cve-icon cve-icon
http://www.securityfocus.com/bid/64493 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2014:0413 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2014:0414 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=1045561 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2013-6954 cve-icon
https://www.cve.org/CVERecord?id=CVE-2013-6954 cve-icon
https://www.ibm.com/support/docview.wss?uid=swg21675973 cve-icon cve-icon
History

Tue, 10 Jun 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2025-06-10T13:18:13.099Z

Reserved: 2013-12-04T00:00:00.000Z

Link: CVE-2013-6954

cve-icon Vulnrichment

Updated: 2024-08-06T17:53:45.097Z

cve-icon NVD

Status : Deferred

Published: 2014-01-12T18:34:55.893

Modified: 2025-06-10T14:15:22.367

Link: CVE-2013-6954

cve-icon Redhat

Severity : Low

Publid Date: 2013-12-19T00:00:00Z

Links: CVE-2013-6954 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses