CVE-2004-0597

critical

Description

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284

https://exchange.xforce.ibmcloud.com/vulnerabilities/16894

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009

https://bugzilla.fedora.us/show_bug.cgi?id=1943

http://www.us-cert.gov/cas/techalerts/TA05-039A.html

http://www.us-cert.gov/cas/techalerts/TA04-217A.html

http://www.trustix.net/errata/2004/0040/

http://www.securityfocus.com/bid/15495

http://www.redhat.com/support/errata/RHSA-2004-429.html

http://www.redhat.com/support/errata/RHSA-2004-421.html

http://www.redhat.com/support/errata/RHSA-2004-402.html

http://www.novell.com/linux/security/advisories/2004_23_libpng.html

http://www.mozilla.org/projects/security/known-vulnerabilities.html

http://www.mandriva.com/security/advisories?name=MDKSA-2006:213

http://www.mandriva.com/security/advisories?name=MDKSA-2006:212

http://www.mandriva.com/security/advisories?name=MDKSA-2004:079

http://www.kb.cert.org/vuls/id/817368

http://www.kb.cert.org/vuls/id/388984

http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml

http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml

http://www.debian.org/security/2004/dsa-536

http://www.coresecurity.com/common/showdoc.php?idx=421&idxseccion=10

http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1

http://secunia.com/advisories/22958

http://secunia.com/advisories/22957

http://marc.info/?l=bugtraq&m=110796779903455&w=2

http://marc.info/?l=bugtraq&m=109900315219363&w=2

http://marc.info/?l=bugtraq&m=109761239318458&w=2

http://marc.info/?l=bugtraq&m=109181639602978&w=2

http://marc.info/?l=bugtraq&m=109163866717909&w=2

http://lists.apple.com/mhonarc/security-announce/msg00056.html

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000856

Details

Source: Mitre, NVD

Published: 2004-11-23

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical