FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0599

This CVE name corresponds to:

Entered Topic
2004-08-04 libpng stack-based buffer overflow and other code concerns

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2004-0599
Phase Assigned (20040623)

Description

Multiple integer overflows in (1) the png_read_png function in pngread.c, (2) the png_handle_sPLT function in pngrutil.c, or (3) the progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.

References

Source Reference
MISC http://scary.beasts.org/security/CESA-2004-001.txt
APPLE APPLE-SA-2004-09-09
CONECTIVA CLA-2004:856
DEBIAN DSA-536
DEBIAN DSA-570
DEBIAN DSA-571
FEDORA FLSA:1943
FEDORA FLSA:2089
GENTOO GLSA-200408-03
GENTOO GLSA-200408-22
HP SSRT4778
MANDRAKE MDKSA-2004:079
MANDRIVA MDKSA-2006:212
MANDRIVA MDKSA-2006:213
REDHAT RHSA-2004:402
REDHAT RHSA-2004:421
REDHAT RHSA-2004:429
SCO SCOSA-2004.16
SCO SCOSA-2005.49
SUNALERT 200663
SUSE SUSE-SA:2004:023
TRUSTIX 2004-0040
BUGTRAQ 20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png)
CONFIRM http://www.mozilla.org/projects/security/known-vulnerabilities.html
CERT TA04-217A
CERT-VN VU#160448
CERT-VN VU#286464
CERT-VN VU#477512
BID 15495
BID 10857
OVAL oval:org.mitre.oval:def:1479
OVAL oval:org.mitre.oval:def:10938
SECUNIA 22957
SECUNIA 22958
XF lilbpng-integer-bo(16896)