FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0598

This CVE name corresponds to:

Entered Topic
2004-08-04 libpng stack-based buffer overflow and other code concerns

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2004-0598
Phase Assigned(20040623)

Description

The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.

References

Source Reference
MISC http://scary.beasts.org/security/CESA-2004-001.txt
APPLE APPLE-SA-2004-09-09
CONECTIVA CLA-2004:856
DEBIAN DSA-536
FEDORA FLSA:1943
GENTOO GLSA-200408-03
GENTOO GLSA-200408-22
HP SSRT4778
MANDRAKE MDKSA-2004:079
MANDRIVA MDKSA-2006:212
MANDRIVA MDKSA-2006:213
REDHAT RHSA-2004:402
REDHAT RHSA-2004:429
SCO SCOSA-2004.16
SUNALERT 200663
SUSE SUSE-SA:2004:023
TRUSTIX 2004-0040
BUGTRAQ 20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png)
CONFIRM http://www.mozilla.org/projects/security/known-vulnerabilities.html
CERT TA04-217A
CERT-VN VU#236656
BID 10857
OVAL oval:org.mitre.oval:def:2572
OVAL oval:org.mitre.oval:def:10203
SECUNIA 22957
SECUNIA 22958
XF libpng-pnghandleiccp-dos(16895)