Buffer Overflow Vulnerabilities in Libpng Affecting Multiple Products
CVE-2004-0597

Currently unrated

Key Information:

Vendor: Microsoft
Status: Msn Messenger; Libpng; Windows Messenger; Windows Media Player
Vendor: CVE Published:; 23 November 2004

Summary

Libpng versions 1.2.5 and earlier contain multiple buffer overflow vulnerabilities that can be exploited by remote attackers. These flaws arise from improper validation of the length of transparency chunk (tRNS) data in the png_handle_tRNS function, as well as insufficient bounds checking in png_handle_sBIT and png_handle_hIST functions. This can lead to arbitrary code execution when processing crafted PNG images, posing a significant risk to systems utilizing affected versions.

References

http://www.trustix.net/errata/2004/0040/

vendor-advisoryx_refsource_TRUSTIX

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

84% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 23, 2004
Vulnerability Reserved
Jun 23, 2004