CVE Vulnerabilities

CVE-2004-0597

Published: Nov 23, 2004 | Modified: Oct 12, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.

Affected Software

Name Vendor Start Version End Version
Libpng Greg_roelofs * 1.2.5 (including)
Msn_messenger Microsoft 6.1 (including) 6.1 (including)
Msn_messenger Microsoft 6.2 (including) 6.2 (including)
Windows_media_player Microsoft 9 (including) 9 (including)
Windows_messenger Microsoft 5.0 (including) 5.0 (including)
Red Hat Enterprise Linux 2.1 RedHat galeon *
Red Hat Enterprise Linux 3 RedHat libpng-2:1.2.2-25 *
Red Hat Enterprise Linux 3 RedHat libpng10-0:1.0.13-15 *
Red Hat Enterprise Linux 3 RedHat mozilla *
Red Hat Enterprise Linux ES version 2.1 RedHat *
Red Hat Enterprise Linux WS version 2.1 RedHat *
Libpng Ubuntu dapper *
Libpng Ubuntu devel *
Libpng Ubuntu edgy *
Libpng Ubuntu feisty *
Libpng3 Ubuntu dapper *
Libpng3 Ubuntu edgy *

References