// For flags

CVE-2004-0597

LibPNG 1.2.5 - 'png_jmpbuf()' Local Buffer Overflow

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

5
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2004-06-23 CVE Reserved
  • 2004-08-05 CVE Published
  • 2004-08-11 First Exploit
  • 2024-08-08 CVE Updated
  • 2024-08-20 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (47)
URL Tag Source
http://marc.info/?l=bugtraq&m=109163866717909&w=2 Mailing List
http://marc.info/?l=bugtraq&m=110796779903455&w=2 Mailing List
http://secunia.com/advisories/22957 Third Party Advisory
http://secunia.com/advisories/22958 Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1 X_refsource_confirm
http://www.coresecurity.com/common/showdoc.php?idx=421&idxseccion=10 X_refsource_misc
http://www.kb.cert.org/vuls/id/388984 Third Party Advisory
http://www.kb.cert.org/vuls/id/817368 Third Party Advisory
http://www.mozilla.org/projects/security/known-vulnerabilities.html X_refsource_confirm
http://www.securityfocus.com/bid/15495 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA04-217A.html Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA05-039A.html Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16894 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709 Signature
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Greg Roelofs
Search vendor "Greg Roelofs"
Libpng
Search vendor "Greg Roelofs" for product "Libpng"
<= 1.2.5
Search vendor "Greg Roelofs" for product "Libpng" and version " <= 1.2.5"
-
Affected
Microsoft
Search vendor "Microsoft"
Msn Messenger
Search vendor "Microsoft" for product "Msn Messenger"
6.1
Search vendor "Microsoft" for product "Msn Messenger" and version "6.1"
-
Affected
Microsoft
Search vendor "Microsoft"
Msn Messenger
Search vendor "Microsoft" for product "Msn Messenger"
6.2
Search vendor "Microsoft" for product "Msn Messenger" and version "6.2"
-
Affected
Microsoft
Search vendor "Microsoft"
Windows Media Player
Search vendor "Microsoft" for product "Windows Media Player"
9
Search vendor "Microsoft" for product "Windows Media Player" and version "9"
-
Affected
Microsoft
Search vendor "Microsoft"
Windows Messenger
Search vendor "Microsoft" for product "Windows Messenger"
5.0
Search vendor "Microsoft" for product "Windows Messenger" and version "5.0"
-
Affected
Microsoft
Search vendor "Microsoft"
Windows 98se
Search vendor "Microsoft" for product "Windows 98se"
*-
Affected
Microsoft
Search vendor "Microsoft"
Windows Me
Search vendor "Microsoft" for product "Windows Me"
*second_edition
Affected