Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:388984
HistoryAug 04, 2004 - 12:00 a.m.

libpng fails to properly check length of transparency chunk (tRNS) data

2004-08-0400:00:00
www.kb.cert.org
35

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.964 High

EPSS

Percentile

99.6%

JSON

Overview

The Portable Network Graphics library (libpng) contains a remotely exploitable vulnerability, which could lead to arbitrary code execution on an affected system.

Description

The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format.

According to the PNG Chunk Specification, PNG images contain a series of chunks including the IHDR, IDAT, and IEND chunks. In addition to these required chunks, a PNG image may contain one or more optional chunks. The optional tRNS chunk is responsible for specifying images that use simple transparency. There are several components of the tRNS chunk. If the PLTE block is not present in a tRNS chunk, a logic error in the code responsible for validating the data segments of the tRNS chunk may lead to a buffer overflow condition.

The buffer overflow vulnerability occurs in the png_handle_tRNS() function, which is responsible for ensuring that PNG images are formatted properly. When processing malformed PNG images, this function may fail to properly validate the length of the transparency chunk (tRNS) data.

Multiple applications support the PNG image format, including web browsers, email clients, and various graphic utilities. Because multiple products have used the libpng reference library to implement native PNG image processing, multiple applications will be affected by this issue in different ways.

Please note that this vulnerability is known to exist in Microsoft Windows Messenger and MSN Messenger. Please see MS05-009 for more details. For information regarding how this vulnerability affects Microsoft Internet Explorer, refer to MS05-025.

Impact

By introducing a malformed PNG image to a vulnerable application, a remote attacker could cause the application to crash or potentially execute arbitrary code with the privileges of the current user.

Solution

Apply a patch from the vendor

Patches have been released to address this vulnerability. Please see the Systems Affected section of this document for more details.

Vendor Information

388984

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Apple Computer Inc. __ Affected

Notified: July 16, 2004 Updated: May 17, 2005

Status

Affected

Vendor Statement

APPLE-SA-2004-09-09 Mac OS X 10.3.5

Mac OS X 10.3.5 is now available and delivers security enhancements
for the following components:

Component: libpng (Portable Network Graphics)
CVE-IDs: CAN-2002-1363, CAN-2004-0421, CAN-2004-0597,
CAN-2004-0598, CAN-2004-0599
Impact: Malicious png images can cause application crashes and could
execute arbitrary code

Description: A number of buffer overflows, null pointer dereferences
and integer overflows have been discovered in the reference library
for reading and writing PNG images. These vulnerabilities have been
corrected in libpng which is used by the CoreGraphics and AppKit
frameworks in Mac OS X. After installing this update, applications
that use the PNG image format via these frameworks will be protected
against these flaws.

Note: The libpng security fixes are also available separately for Mac
OS X 10.3.4 and Mac OS X 10.2.8 via Security Update 2004-08-09.

==================

Component: Safari
CVE ID: CAN-2004-0743
Impact: In a special situation, navigation using the forward/backward
buttons can re-send form data to a GET url.

Description: This is for a situation where a web form is sent to a
server using a POST method which issues an HTTP redirect to a GET
method url. Using the forward/backward buttons will cause Safari to
re-POST the form data to the GET url. Safari has been modified so
that in this situation forward/backward navigation will result in only
a GET method.

==================

Component: TCP/IP Networking
CVE ID: CAN-2004-0744
Impact: Maliciously crafted IP fragments can use too many system
resources preventing normal network operation.

Description: The “Rose Attack” describes a specially constructed
sequence of IP fragments designed to consume system resources. The
TCP/IP implementation has been modified to limit the resources
consumed and prevents this denial of service attack.

================================================

Mac OS X 10.3.5 may be obtained from the Software Update
pane in System Preferences, or Apple’s Software Downloads web site:
<http://www.apple.com/support/downloads/&gt;

Information will also be posted to the Apple Product Security
web site:
<http://www.apple.com/support/security/security_updates.html&gt;

This message is signed with Apple’s Product Security PGP key,
and details are available at:
<http://www.apple.com/support/security/security_pgp.html&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Gentoo Affected

Updated: August 20, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Microsoft Corporation __ Affected

Notified: July 16, 2004 Updated: June 14, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see MS05-009 and MS05-025 for information concerning this vulnerability and its remediation.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

MontaVista Software Affected

Notified: July 16, 2004 Updated: August 04, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

OpenPKG Affected

Updated: August 20, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Slackware Affected

Updated: August 20, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

SuSE Inc. Affected

Notified: July 16, 2004 Updated: July 27, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Trustix Secure Linux Affected

Updated: August 20, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

libpng.org __ Affected

Notified: July 16, 2004 Updated: August 04, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

This issue has been resolved in libpng version 1.2.6rc1 (release candidate 1). An older version of libpng containing the backported fixes, 1.0.16rc1, is also available.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Juniper Networks __ Not Affected

Notified: July 16, 2004 Updated: July 27, 2004

Status

Not Affected

Vendor Statement

Juniper Networks products are not susceptible to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

NEC Corporation __ Not Affected

Notified: July 16, 2004 Updated: August 02, 2004

Status

Not Affected

Vendor Statement

sent on August 2, 2004

[Software Products]

* E-mail client software "WeMail"
(shareware developped by NEC Communication Systems,Ltd.)
- is NOT vulnerable.
It does not include any code originated from libPNG.

* We continue to try to investigate other products possibly affected
by these vulnerabilities.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

BSDI Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Conectiva Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Cray Inc. Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Debian Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Engarde Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

FreeBSD Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Fujitsu Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Hewlett-Packard Company Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Hitachi Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

IBM Unknown

Notified: July 16, 2004 Updated: July 30, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

IBM eServer Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

IBM-zSeries Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

IMmunix Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Ingrian Networks Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

MandrakeSoft Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

NETBSD Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Nokia Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Novell Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Openwall GNU/*/Linux Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Red Hat Inc. Unknown

Notified: July 16, 2004 Updated: July 27, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

SGI Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

ScO Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Sequent Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Sony Corporation Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Sun Microsystems Inc. Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

TurboLinux Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

Wind River Systems Inc. Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

eMC Corporation Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

uNisys Unknown

Updated: July 23, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23388984 Feedback>).

View all 40 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Chris Evans for reporting this vulnerability.

This document was written by Chad Dougherty and Damon Morda.

Other Information

CVE IDs: CVE-2004-0597
Severity Metric: 20.11 Date Public:

Related

cert 7
nessus 53
redhat 5
securityvulns 13
osv 5
openvas 46
debian 5
f5 2
freebsd 2
slackware 5
gentoo 4
suse 9
cve 10
ubuntucve 5
checkpoint_advisories 2
prion 1
fedora 9
coresecurity 1
cert
cert
libpng png_handle_iCCP() NULL pointer dereference
2004-08-04 00:00:00
libpng png_handle_sPLT() integer overflow
2004-08-04 00:00:00
libpng contains integer overflows in progressive display image reading
2004-08-04 00:00:00
nessus
nessus
Mac OS X Multiple Vulnerabilities (Security Update 2004-08-09)
2004-08-10 00:00:00
RHEL 2.1 / 3 : libpng (RHSA-2004:402)
2004-08-05 00:00:00
Mandrake Linux Security Advisory : chromium (MDKSA-2006:213)
2007-02-18 00:00:00
redhat
redhat
(RHSA-2004:402) libpng security update
2004-08-04 00:00:00
(RHSA-2004:249) libpng security update
2004-06-18 00:00:00
(RHSA-2003:007) libpng security update
2003-02-06 00:00:00
securityvulns
securityvulns
[ MDKSA-2006:213 ] - Updated chromium packages to fix embedded libpng vulnerabilities
2006-11-18 00:00:00
[ MDKSA-2006:212 ] - Updated doxygen packages to fix embedded libpng vulnerabilities
2006-11-18 00:00:00
US-CERT Technical Cyber Security Alert TA04-217A -- Multiple Vulnerabilities in libpng
2004-08-05 00:00:00
osv
osv
libpng - several vulnerabilities
2004-08-04 00:00:00
libpng - buffer overflow
2002-12-19 00:00:00
libpng3 - buffer overflows, integer overflow
2004-10-20 00:00:00
openvas
openvas
Debian Security Advisory DSA 536-1 (libpng)
2008-01-17 00:00:00
Slackware Advisory SSA:2004-222-01 libpng
2012-09-11 00:00:00
Slackware Advisory SSA:2004-222-01 libpng
2012-09-11 00:00:00
debian
debian
[SECURITY] [DSA 536-1] New libpng, libpng3 packages fix multiple vulnerabilities
2004-08-05 02:10:24
[SECURITY] [DSA 213-1] New libpng packages fix buffer overflow
2002-12-19 14:44:16
[SECURITY] [DSA 213-1] New libpng packages fix buffer overflow
2002-12-19 14:44:16
f5
f5
Vulnerabilities in libpng - CAN-2004-0597, CAN-2004-0598, CAN-2004-0599
2007-05-17 04:00:00
SOL4009 - Vulnerabilities in libpng - CAN-2004-0597, CAN-2004-0598, CAN-2004-0599
2007-05-16 00:00:00
freebsd
freebsd
libpng stack-based buffer overflow and other code concerns
2004-08-04 00:00:00
libpng denial-of-service
2004-04-29 00:00:00
slackware
slackware
libpng
2004-08-09 20:40:50
[slackware-security] imagemagick
2004-08-10 21:26:39
libpng update
2004-05-03 13:08:30
gentoo
gentoo
libpng: Numerous vulnerabilities
2004-08-05 00:00:00
Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities
2004-08-23 00:00:00
libpng: Buffer overflow on row buffers
2004-07-08 00:00:00
suse
suse
remote system compromise in libpng
2004-08-04 15:12:06
possible remote compromise in libpng
2003-01-14 10:26:12
remote file disclosure in samba
2004-10-05 14:57:32
cve
cve
CVE-2002-1363
2002-12-26 05:00:00
CVE-2004-0744
2004-11-23 05:00:00
CVE-2004-0421
2004-08-18 04:00:00
ubuntucve
ubuntucve
CVE-2004-0598
2004-11-23 00:00:00
CVE-2004-0421
2004-08-18 00:00:00
CVE-2004-0599
2004-11-23 00:00:00
checkpoint_advisories
checkpoint_advisories
libpng Transparency Chunk Length Buffer Overflow (CVE-2004-0597)
2010-02-21 00:00:00
Libpng png_handle_sBIT Local Buffer Overflow - Ver2 (CVE-2004-0597)
2014-03-03 00:00:00
prion
prion
Out-of-bounds
2011-07-17 20:55:00
fedora
fedora
[SECURITY] Fedora 14 Update: mingw32-libpng-1.4.3-2.fc14
2011-07-16 07:29:14
[SECURITY] Fedora 15 Update: mingw32-libpng-1.4.3-3.fc15
2011-07-16 07:35:14
[SECURITY] Fedora 14 Update: libpng10-1.0.55-1.fc14
2011-07-23 01:56:18
coresecurity
coresecurity
MSN Messenger PNG Image Parsing Vulnerability
2005-02-08 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.964 High

EPSS

Percentile

99.6%

JSON
Related for VU:388984
cert7nessus53redhat5securityvulns13osv5openvas46debian5f52freebsd2slackware5gentoo4suse9cve10ubuntucve5checkpoint_advisories2prion1fedora9coresecurity1