CVE-2014-9495

Published: Jan 10, 2015

Modified: Jun 9, 2025

PUBLISHED

Description

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow

mailing-list

x_refsource_MLIST

71820

vdb-entry

x_refsource_BID

APPLE-SA-2016-03-21-5

vendor-advisory

x_refsource_APPLE

https://support.apple.com/HT206167

x_refsource_CONFIRM

[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available

mailing-list

x_refsource_MLIST

[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow

mailing-list

x_refsource_MLIST

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

x_refsource_CONFIRM

[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow

mailing-list

x_refsource_MLIST

[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available

mailing-list

x_refsource_MLIST

1031444

vdb-entry

x_refsource_SECTRACK

62725

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-9495

Description

Affected Products

References