// For flags

CVE-2004-0599

 

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.

Múltiples desbordamientos de enteros en las funciónes (1) png_read o (2) png_handle_sPLT o la capacidad (3) visualización progresiva de imagen en libpng 1.2.5 y anteriores permiten a atacantes remotos causar una denegación de servicio (caída de aplicación) mediante una imagen PNG malformada.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2004-06-23 CVE Reserved
  • 2004-08-05 CVE Published
  • 2024-08-08 CVE Updated
  • 2024-08-08 First Exploit
  • 2025-03-18 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (37)
URL Tag Source
http://marc.info/?l=bugtraq&m=109163866717909&w=2 Mailing List
http://secunia.com/advisories/22957 Third Party Advisory
http://secunia.com/advisories/22958 Third Party Advisory
http://www.kb.cert.org/vuls/id/160448 Third Party Advisory
http://www.kb.cert.org/vuls/id/286464 Third Party Advisory
http://www.kb.cert.org/vuls/id/477512 Third Party Advisory
http://www.mozilla.org/projects/security/known-vulnerabilities.html X_refsource_confirm
http://www.securityfocus.com/bid/15495 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA04-217A.html Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16896 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10938 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1479 Signature
URL Date SRC
http://www.securityfocus.com/bid/10857 2024-08-08
URL Date SRC
http://www.debian.org/security/2004/dsa-536 2017-10-11
http://www.debian.org/security/2004/dsa-570 2017-10-11
http://www.debian.org/security/2004/dsa-571 2017-10-11
http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml 2017-10-11
http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml 2017-10-11
http://www.novell.com/linux/security/advisories/2004_23_libpng.html 2017-10-11
https://bugzilla.fedora.us/show_bug.cgi?id=1943 2017-10-11
URL Date SRC
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt 2017-10-11
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000856 2017-10-11
http://lists.apple.com/mhonarc/security-announce/msg00056.html 2017-10-11
http://marc.info/?l=bugtraq&m=109181639602978&w=2 2017-10-11
http://marc.info/?l=bugtraq&m=109761239318458&w=2 2017-10-11
http://marc.info/?l=bugtraq&m=109900315219363&w=2 2017-10-11
http://scary.beasts.org/security/CESA-2004-001.txt 2017-10-11
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1 2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2004:079 2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2006:212 2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2006:213 2017-10-11
http://www.redhat.com/support/errata/RHSA-2004-402.html 2017-10-11
http://www.redhat.com/support/errata/RHSA-2004-421.html 2017-10-11
http://www.redhat.com/support/errata/RHSA-2004-429.html 2017-10-11
http://www.trustix.net/errata/2004/0040 2017-10-11
https://access.redhat.com/security/cve/CVE-2004-0599 2004-08-18
https://bugzilla.redhat.com/show_bug.cgi?id=1617237 2004-08-18
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Greg Roelofs
Search vendor "Greg Roelofs"
 Libpng
Search vendor "Greg Roelofs" for product "Libpng"
 <= 1.2.5
Search vendor "Greg Roelofs" for product "Libpng" and version " <= 1.2.5"
-
Affected