{"id":"MGASA-2014-0210","summary":"Updated libpng packages fix two security vulnerabilities","details":"Updated libpng12 and libpng packages fix security vulnerabilities:\n\nAn integer overflow leading to a heap-based buffer overflow was found in\nthe png_set_sPLT() and png_set_text_2() API functions of libpng. An\nattacker could create a specially-crafted image file and render it with\nan application written to explicitly call png_set_sPLT() or\npng_set_text_2() function, could cause libpng to crash or execute\narbitrary code with the permissions of the  user running such an\napplication (CVE-2013-7353).\n\nAn integer overflow leading to a heap-based buffer overflow was found in\nthe png_set_unknown_chunks() API function of libpng. An attacker could\ncreate a specially-crafted image file and render it with an application\nwritten to explicitly call png_set_unknown_chunks() function, could cause\nlibpng to crash or execute arbitrary code with the permissions of the user\nrunning such an application (CVE-2013-7354).\n","modified":"2026-04-16T06:25:53.184963521Z","published":"2014-05-10T19:34:01Z","upstream":["CVE-2013-7353","CVE-2013-7354"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0210.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2014-05/msg00026.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2014-05/msg00024.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13185"}],"affected":[{"package":{"name":"libpng12","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/libpng12?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.50-3.2.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0210.json"}},{"package":{"name":"libpng","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/libpng?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.13-2.2.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0210.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}