Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:236656
HistoryAug 04, 2004 - 12:00 a.m.

libpng png_handle_iCCP() NULL pointer dereference

2004-08-0400:00:00
www.kb.cert.org
21

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.963

Percentile

99.6%

JSON

Overview

The Portable Network Graphics library (libpng) contains a remotely exploitable vulnerability that could cause affected applications to crash.

Description

The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format.

Under some circumstances, a null pointer may be dereferenced during a memory allocation in the png_handle_iCCP() function. As a result, a PNG file with particular characteristics could cause the affected application to crash. Similar errors are reported to exist in other locations within libpng.

Multiple applications support the PNG image format, including web browsers, email clients, and various graphic utilities. Because multiple products have used the libpng reference library to implement native PNG image processing, applications will be affected by this issue in different ways.

Impact

An attacker could cause a vulnerable application to crash by supplying a specially crafted PNG image. Vulnerable applications that read images from network sources could be exploited remotely.

Solution

Apply a patch from the vendor
Patches have been released to address this vulnerability. Please see the Systems Affected section of this document for more details.

Vendor Information

236656

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Apple Computer, Inc. __ Affected

Notified: July 16, 2004 Updated: June 01, 2005

Status

Affected

Vendor Statement

APPLE-SA-2004-09-09 Mac OS X 10.3.5

Mac OS X 10.3.5 is now available and delivers security enhancements
for the following components:

Component: libpng (Portable Network Graphics)
CVE-IDs: CAN-2002-1363, CAN-2004-0421, CAN-2004-0597,
CAN-2004-0598, CAN-2004-0599
Impact: Malicious png images can cause application crashes and could
execute arbitrary code

Description: A number of buffer overflows, null pointer dereferences
and integer overflows have been discovered in the reference library
for reading and writing PNG images. These vulnerabilities have been
corrected in libpng which is used by the CoreGraphics and AppKit
frameworks in Mac OS X. After installing this update, applications
that use the PNG image format via these frameworks will be protected
against these flaws.

Note: The libpng security fixes are also available separately for Mac
OS X 10.3.4 and Mac OS X 10.2.8 via Security Update 2004-08-09.

Mac OS X 10.3.5 may be obtained from the Software Update
pane in System Preferences, or Apple’s Software Downloads web site:
<http://www.apple.com/support/downloads/&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Debian Linux Affected

Notified: July 16, 2004 Updated: August 20, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Gentoo Affected

Updated: August 20, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Hewlett-Packard Company Affected

Notified: July 16, 2004 Updated: August 20, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Mandriva, Inc. __ Affected

Notified: July 16, 2004 Updated: August 04, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

MandrakeSoft has published Mandrake Security Advisory MDKSA-2004:079 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Mandriva, Inc. Affected

Notified: July 16, 2004 Updated: August 20, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

MontaVista Software, Inc. Affected

Notified: July 16, 2004 Updated: August 04, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

OpenPKG Affected

Updated: August 20, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Red Hat, Inc. Affected

Notified: July 16, 2004 Updated: August 20, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

SUSE Linux Affected

Notified: July 16, 2004 Updated: August 04, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Slackware Affected

Updated: August 20, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Sun Microsystems, Inc. Affected

Notified: July 16, 2004 Updated: August 04, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Trustix Secure Linux Affected

Updated: August 20, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

libpng.org __ Affected

Notified: July 16, 2004 Updated: August 04, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

This issue has been resolved in libpng version 1.2.6rc1 (release candidate 1). An older version of libpng containing the backported fixes, 1.0.16rc1, is also available.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Hitachi Not Affected

Notified: July 16, 2004 Updated: August 20, 2004

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Juniper Networks, Inc. __ Not Affected

Notified: July 16, 2004 Updated: July 23, 2004

Status

Not Affected

Vendor Statement

Juniper Networks products are not susceptible to this vulnerability

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

NEC Corporation __ Not Affected

Notified: July 16, 2004 Updated: August 03, 2004

Status

Not Affected

Vendor Statement

`sent on August 2, 2004

[Software Products]

  • E-mail client software “WeMail”
    (shareware developped by NEC Communication Systems,Ltd.)
  • is NOT vulnerable.
    It does not include any code originated from libPNG.
  • We continue to try to investigate other products possibly affected
    by these vulnerabilities.
    `

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Berkeley Software Design, Inc. Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Cray Inc. Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Engarde Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

FreeBSD, Inc. Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Fujitsu Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

IBM Corporation Unknown

Notified: July 16, 2004 Updated: August 04, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

IBM eServer Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

IBM-zSeries Unknown

Notified: July 16, 2004 Updated: August 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Immunix Unknown

Notified: July 16, 2004 Updated: August 04, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Ingrian Networks, Inc. Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Microsoft Corporation Unknown

Notified: July 16, 2004 Updated: August 04, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

NETBSD Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Nokia Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Novell, Inc. Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Openwall GNU/*/Linux Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

SCO Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

SGI Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Sequent Computer Systems, Inc. Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Sony Corporation Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

TurboLinux Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Unisys Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

Wind River Systems, Inc. Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

eMC Corporation Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23236656 Feedback>).

View all 40 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Chris Evans for reporting this vulnerability.

This document was written by Chad Dougherty and Damon Morda.

Other Information

CVE IDs: CVE-2004-0598
Severity Metric: 1.05 Date Public:

Related

cert 6
nessus 50
securityvulns 12
redhat 5
openvas 56
osv 5
gentoo 4
f5 2
slackware 5
freebsd 2
suse 4
debian 5
cvelist 6
nvd 8
cve 8
ubuntucve 5
checkpoint_advisories 2
exploitdb 3
prion 1
fedora 9
coresecurity 1
cert
cert
libpng png_handle_sPLT() integer overflow
2004-08-04 00:00:00
libpng contains integer overflows in progressive display image reading
2004-08-04 00:00:00
libpng fails to properly check length of transparency chunk (tRNS) data
2004-08-04 00:00:00
nessus
nessus
Mac OS X Multiple Vulnerabilities (Security Update 2004-08-09)
2004-08-10 00:00:00
RHEL 2.1 / 3 : libpng (RHSA-2004:402)
2004-08-05 00:00:00
Mandrake Linux Security Advisory : chromium (MDKSA-2006:213)
2007-02-18 00:00:00
securityvulns
securityvulns
[ MDKSA-2006:213 ] - Updated chromium packages to fix embedded libpng vulnerabilities
2006-11-18 00:00:00
[ MDKSA-2006:212 ] - Updated doxygen packages to fix embedded libpng vulnerabilities
2006-11-18 00:00:00
CESA-2004-001: libpng
2004-08-05 00:00:00
redhat
redhat
(RHSA-2004:402) libpng security update
2004-08-04 00:00:00
(RHSA-2003:007) libpng security update
2003-02-06 00:00:00
(RHSA-2004:249) libpng security update
2004-06-18 00:00:00
openvas
openvas
Debian Security Advisory DSA 536-1 (libpng)
2008-01-17 00:00:00
Debian Security Advisory DSA 536-1 (libpng)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200408-03 (libpng)
2008-09-24 00:00:00
osv
osv
libpng - several vulnerabilities
2004-08-04 00:00:00
libpng - buffer overflow
2002-12-19 00:00:00
libpng3 - buffer overflows, integer overflow
2004-10-20 00:00:00
gentoo
gentoo
libpng: Numerous vulnerabilities
2004-08-05 00:00:00
Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities
2004-08-23 00:00:00
libpng: Buffer overflow on row buffers
2004-07-08 00:00:00
f5
f5
SOL4009 - Vulnerabilities in libpng - CAN-2004-0597, CAN-2004-0598, CAN-2004-0599
2007-05-16 00:00:00
Vulnerabilities in libpng - CAN-2004-0597, CAN-2004-0598, CAN-2004-0599
2007-05-17 04:00:00
slackware
slackware
libpng
2004-08-09 20:40:50
[slackware-security] imagemagick
2004-08-10 21:26:39
libpng update
2004-05-03 13:08:30
freebsd
freebsd
libpng stack-based buffer overflow and other code concerns
2004-08-04 00:00:00
libpng denial-of-service
2004-04-29 00:00:00
suse
suse
remote system compromise in libpng
2004-08-04 15:12:06
possible remote compromise in libpng
2003-01-14 10:26:12
remote file disclosure in samba
2004-10-05 14:57:32
debian
debian
[SECURITY] [DSA 536-1] New libpng, libpng3 packages fix multiple vulnerabilities
2004-08-05 02:10:24
[SECURITY] [DSA 213-1] New libpng packages fix buffer overflow
2002-12-19 14:44:16
[SECURITY] [DSA 498-1] New libpng packages fix denial of service
2004-04-30 10:31:34
cvelist
cvelist
CVE-2002-1363
2004-09-01 04:00:00
CVE-2004-0421
2004-05-05 04:00:00
CVE-2004-0598
2004-08-05 04:00:00
nvd
nvd
CVE-2002-1363
2002-12-26 05:00:00
CVE-2004-0421
2004-08-18 04:00:00
CVE-2004-0598
2004-11-23 05:00:00
cve
cve
CVE-2002-1363
2004-09-01 04:00:00
CVE-2004-0421
2004-08-18 04:00:00
CVE-2004-0599
2004-11-23 05:00:00
ubuntucve
ubuntucve
CVE-2004-0598
2004-11-23 00:00:00
CVE-2004-0421
2004-08-18 00:00:00
CVE-2004-0599
2004-11-23 00:00:00
checkpoint_advisories
checkpoint_advisories
libpng Transparency Chunk Length Buffer Overflow (CVE-2004-0597)
2010-02-21 00:00:00
Libpng png_handle_sBIT Local Buffer Overflow - Ver2 (CVE-2004-0597)
2014-03-03 00:00:00
exploitdb
exploitdb
Microsoft MSN Messenger 6.2.0137 - &#039;.png&#039; Remote Buffer Overflow
2005-02-08 00:00:00
LibPNG Graphics Library - Remote Buffer Overflow
2004-08-11 00:00:00
LibPNG 1.2.5 - &#039;png_jmpbuf()&#039; Local Buffer Overflow
2004-08-13 00:00:00
prion
prion
Out-of-bounds
2011-07-17 20:55:00
fedora
fedora
[SECURITY] Fedora 14 Update: mingw32-libpng-1.4.3-2.fc14
2011-07-16 07:29:14
[SECURITY] Fedora 15 Update: mingw32-libpng-1.4.3-3.fc15
2011-07-16 07:35:14
[SECURITY] Fedora 14 Update: libpng10-1.0.55-1.fc14
2011-07-23 01:56:18
coresecurity
coresecurity
MSN Messenger PNG Image Parsing Vulnerability
2005-02-08 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.963

Percentile

99.6%

JSON
Related for VU:236656
cert6nessus50securityvulns12redhat5openvas56osv5gentoo4f52slackware5freebsd2suse4debian5cvelist6nvd8cve8ubuntucve5checkpoint_advisories2exploitdb3prion1fedora9coresecurity1