4.3

CVE-2008-3964

Exploit
Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibpngLibpng Version < 1.2.32
LibpngLibpng Version1.4.0 Updatebeta1
LibpngLibpng Version1.4.0 Updatebeta10
LibpngLibpng Version1.4.0 Updatebeta11
LibpngLibpng Version1.4.0 Updatebeta12
LibpngLibpng Version1.4.0 Updatebeta13
LibpngLibpng Version1.4.0 Updatebeta14
LibpngLibpng Version1.4.0 Updatebeta15
LibpngLibpng Version1.4.0 Updatebeta16
LibpngLibpng Version1.4.0 Updatebeta17
LibpngLibpng Version1.4.0 Updatebeta18
LibpngLibpng Version1.4.0 Updatebeta19
LibpngLibpng Version1.4.0 Updatebeta2
LibpngLibpng Version1.4.0 Updatebeta20
LibpngLibpng Version1.4.0 Updatebeta21
LibpngLibpng Version1.4.0 Updatebeta22
LibpngLibpng Version1.4.0 Updatebeta23
LibpngLibpng Version1.4.0 Updatebeta24
LibpngLibpng Version1.4.0 Updatebeta25
LibpngLibpng Version1.4.0 Updatebeta26
LibpngLibpng Version1.4.0 Updatebeta27
LibpngLibpng Version1.4.0 Updatebeta28
LibpngLibpng Version1.4.0 Updatebeta29
LibpngLibpng Version1.4.0 Updatebeta3
LibpngLibpng Version1.4.0 Updatebeta30
LibpngLibpng Version1.4.0 Updatebeta31
LibpngLibpng Version1.4.0 Updatebeta32
LibpngLibpng Version1.4.0 Updatebeta33
LibpngLibpng Version1.4.0 Updatebeta4
LibpngLibpng Version1.4.0 Updatebeta5
LibpngLibpng Version1.4.0 Updatebeta6
LibpngLibpng Version1.4.0 Updatebeta7
LibpngLibpng Version1.4.0 Updatebeta8
LibpngLibpng Version1.4.0 Updatebeta9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.34% 0.871
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-193 Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

http://secunia.com/advisories/33137
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200812-15.xml
Third Party Advisory
http://secunia.com/advisories/35302
Third Party Advisory
http://secunia.com/advisories/35386
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1
Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1462
Permissions Required
http://www.vupen.com/english/advisories/2009/1560
Permissions Required
http://secunia.com/advisories/31781
Third Party Advisory
http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com&forum_name=png-mng-implement
Third Party Advisory
http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517
Third Party Advisory
Product
http://sourceforge.net/project/shownotes.php?release_id=624518
Patch
Broken Link
http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624
Third Party Advisory
Exploit
http://www.kb.cert.org/vuls/id/889484
Third Party Advisory
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2009:051
Broken Link
http://www.openwall.com/lists/oss-security/2008/09/09/3
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2008/09/09/8
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/31049
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/2512
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/44928
Third Party Advisory
VDB Entry