{"id":"MGASA-2014-0211","summary":"Updated libpng packages fix two security vulnerabilities","details":"Updated libpng12 packages fix security vulnerabilities:\n\nAn integer overflow leading to a heap-based buffer overflow was found in\nthe png_set_sPLT() and png_set_text_2() API functions of libpng. An\nattacker could create a specially-crafted image file and render it with\nan application written to explicitly call png_set_sPLT() or\npng_set_text_2() function, could cause libpng to crash or execute\narbitrary code with the permissions of the user running such an\napplication (CVE-2013-7353).\n\nAn integer overflow leading to a heap-based buffer overflow was found in\nthe png_set_unknown_chunks() API function of libpng. An attacker could\ncreate a  specially-crafted image file and render it with an application\nwritten to explicitly call png_set_unknown_chunks() function, could cause\nlibpng to crash or execute arbitrary code with the permissions of the user\nrunning such an application (CVE-2013-7354).\n","modified":"2026-04-16T06:25:50.879099129Z","published":"2014-05-10T19:36:04Z","upstream":["CVE-2013-7353","CVE-2013-7354"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0211.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2014-05/msg00026.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13185"}],"affected":[{"package":{"name":"libpng12","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/libpng12?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.50-4.2.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0211.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}