ID CVE-2004-0597
Summary Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
References
Vulnerable Configurations
  • cpe:2.3:a:greg_roelofs:libpng:*:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:msn_messenger:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:msn_messenger:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:windows_media_player:9:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:windows_messenger:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_me:*:*:second_edition:*:*:*:*:*
CVSS
Base: 10.0 (as of 12-10-2018 - 21:34)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2013-04-29T04:12:54.766-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
    family unix
    id oval:org.mitre.oval:def:11284
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
    version 31
  • accepted 2007-05-07T11:15:43.648-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Jason Spashett
      organization Centennial Software
    • name John Hoyland
      organization Centennial Software
    • name Dragos Prisaca
      organization Secure Elements, Inc.
    • name Josh Turpin
      organization Symantec Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
    family windows
    id oval:org.mitre.oval:def:2274
    status deprecated
    submitted 2005-03-29T12:00:00.000-04:00
    title Windows Messenger 5 libpng Buffer Overflow
    version 12
  • accepted 2005-03-09T07:56:00.000-04:00
    class vulnerability
    contributors
    • name Brian Soby
      organization The MITRE Corporation
    description Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
    family unix
    id oval:org.mitre.oval:def:2378
    status accepted
    submitted 2004-12-12T12:00:00.000-04:00
    title Multiple Buffer Overflows in libpng
    version 34
  • accepted 2005-06-22T12:38:00.000-04:00
    class vulnerability
    contributors
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
    family windows
    id oval:org.mitre.oval:def:4492
    status deprecated
    submitted 2005-04-26T12:00:00.000-04:00
    title Adobe Acrobat Reader libpng Buffer Overflow
    version 3
  • accepted 2007-05-09T16:11:07.574-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Maria Kedovskaya
      organization ALTX-SOFT
    description Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
    family windows
    id oval:org.mitre.oval:def:594
    status deprecated
    submitted 2005-03-29T12:00:00.000-04:00
    title Windows Messenger 6 libpng Buffer Overflow
    version 9
  • accepted 2015-05-04T04:00:21.836-04:00
    class vulnerability
    contributors
    • name Josh Turpin
      organization Symantec Corporation
    • name Josh Turpin
      organization Symantec Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Windows Server 2003 (x86) Gold is installed
      oval oval:org.mitre.oval:def:165
    • comment Microsoft Windows Server 2003 SP1 (x86) is installed
      oval oval:org.mitre.oval:def:565
    • comment Microsoft Windows XP Professional x64 Edition SP1 is installed
      oval oval:org.mitre.oval:def:720
    • comment Microsoft Windows XP SP1 (32-bit) is installed
      oval oval:org.mitre.oval:def:1
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP SP1 (32-bit) is installed
      oval oval:org.mitre.oval:def:1
    • comment MSN Messenger 4.7 is installed
      oval oval:org.mitre.oval:def:6101
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment MSN Messenger 4.7 is installed
      oval oval:org.mitre.oval:def:6101
    • comment MSN Messenger 6.1 is installed
      oval oval:org.mitre.oval:def:8701
    • comment MSN Messenger 6.2 is installed
      oval oval:org.mitre.oval:def:2187
    description Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
    family windows
    id oval:org.mitre.oval:def:7709
    status accepted
    submitted 2010-01-15T14:00:00
    title libpng buffer overflow
    version 33
redhat via4
advisories
  • rhsa
    id RHSA-2004:402
  • rhsa
    id RHSA-2004:421
  • rhsa
    id RHSA-2004:429
rpms
  • libpng-2:1.2.2-25
  • libpng-debuginfo-2:1.2.2-25
  • libpng-devel-2:1.2.2-25
  • libpng10-0:1.0.13-15
  • libpng10-debuginfo-0:1.0.13-15
  • libpng10-devel-0:1.0.13-15
refmap via4
apple APPLE-SA-2004-09-09
bid
  • 10857
  • 15495
bugtraq
  • 20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png)
  • 20050209 MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit
cert
  • TA04-217A
  • TA05-039A
cert-vn
  • VU#388984
  • VU#817368
conectiva CLA-2004:856
confirm
debian DSA-536
fedora
  • FLSA:1943
  • FLSA:2089
gentoo
  • GLSA-200408-03
  • GLSA-200408-22
hp SSRT4778
mandrake MDKSA-2004:079
mandriva
  • MDKSA-2006:212
  • MDKSA-2006:213
misc
sco
  • SCOSA-2004.16
  • SCOSA-2005.49
secunia
  • 22957
  • 22958
sunalert 200663
suse SUSE-SA:2004:023
trustix 2004-0040
vulnwatch 20050208 CORE-2004-0819: MSN Messenger PNG Image Parsing Vulnerability
xf libpng-pnghandle-bo(16894)
Last major update 12-10-2018 - 21:34
Published 23-11-2004 - 05:00
Last modified 12-10-2018 - 21:34