CVE Vulnerabilities

CVE-2004-0597

Published: Nov 23, 2004 | Modified: Oct 12, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.

Affected Software

Name Vendor Start Version End Version
Libpng Greg_roelofs * 1.2.5
Msn_messenger Microsoft 6.1 6.1
Msn_messenger Microsoft 6.2 6.2
Windows_media_player Microsoft 9 9
Windows_messenger Microsoft 5.0 5.0
Red Hat Enterprise Linux 2.1 RedHat galeon *
Red Hat Enterprise Linux 3 RedHat libpng-2:1.2.2-25 *
Red Hat Enterprise Linux 3 RedHat libpng10-0:1.0.13-15 *
Red Hat Enterprise Linux 3 RedHat mozilla *
Libpng Ubuntu dapper *
Libpng Ubuntu devel *
Libpng Ubuntu edgy *
Libpng Ubuntu feisty *
Libpng3 Ubuntu dapper *
Libpng3 Ubuntu edgy *

References