5

CVE-2004-0421

The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibpngLibpng Version1.0.0
LibpngLibpng Version1.0.5
LibpngLibpng Version1.0.6
LibpngLibpng Version1.0.7
LibpngLibpng Version1.0.8
LibpngLibpng Version1.0.9
LibpngLibpng Version1.0.10
LibpngLibpng Version1.0.11
LibpngLibpng Version1.0.12
LibpngLibpng Version1.0.13
LibpngLibpng Version1.0.14
LibpngLibpng Version1.2.0
LibpngLibpng Version1.2.1
LibpngLibpng Version1.2.2
LibpngLibpng Version1.2.3
LibpngLibpng Version1.2.4
LibpngLibpng Version1.2.5
OpenpkgOpenpkg Version1.3
OpenpkgOpenpkg Version2.0
RedhatLibpng Version1.2.2-16
RedhatLibpng Version1.2.2-20
RedhatEnterprise Linux Version2.1
RedhatEnterprise Linux Version3.0
TrustixSecure Linux Version2.0
TrustixSecure Linux Version2.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.11% 0.895
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://lists.apple.com/mhonarc/security-announce/msg00056.html
Broken Link
http://marc.info/?l=bugtraq&m=108334922320309&w=2
Mailing List
http://marc.info/?l=bugtraq&m=108335030208523&w=2
Mailing List
http://marc.info/?l=fedora-announce-list&m=108451350029261&w=2
Mailing List
http://marc.info/?l=fedora-announce-list&m=108451353608968&w=2
Mailing List
http://secunia.com/advisories/22957
Broken Link
http://secunia.com/advisories/22958
Broken Link
http://www.debian.org/security/2004/dsa-498
Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2004:040
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:213
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2004-180.html
Patch
Vendor Advisory
Broken Link
http://www.redhat.com/support/errata/RHSA-2004-181.html
Broken Link
http://www.securityfocus.com/bid/10244
Patch
Third Party Advisory
Vendor Advisory
Broken Link
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/16022
Broken Link
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971
Broken Link