ID CVE-2004-0421
Summary The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
References
Vulnerable Configurations
  • cpe:2.3:a:greg_roelofs:libpng:1.0
  • cpe:2.3:a:greg_roelofs:libpng:1.0.5
  • cpe:2.3:a:greg_roelofs:libpng:1.0.6
  • cpe:2.3:a:greg_roelofs:libpng:1.0.7
  • cpe:2.3:a:greg_roelofs:libpng:1.0.8
  • cpe:2.3:a:greg_roelofs:libpng:1.0.9
  • cpe:2.3:a:greg_roelofs:libpng:1.0.10
  • cpe:2.3:a:greg_roelofs:libpng:1.0.11
  • cpe:2.3:a:greg_roelofs:libpng:1.0.12
  • cpe:2.3:a:greg_roelofs:libpng:1.0.13
  • cpe:2.3:a:greg_roelofs:libpng:1.0.14
  • cpe:2.3:a:greg_roelofs:libpng3:1.2.0
  • cpe:2.3:a:greg_roelofs:libpng3:1.2.1
  • cpe:2.3:a:greg_roelofs:libpng3:1.2.2
  • cpe:2.3:a:greg_roelofs:libpng3:1.2.3
  • cpe:2.3:a:greg_roelofs:libpng3:1.2.4
  • cpe:2.3:a:greg_roelofs:libpng3:1.2.5
  • OpenPKG 1.3
    cpe:2.3:a:openpkg:openpkg:1.3
  • OpenPKG 2.0
    cpe:2.3:a:openpkg:openpkg:2.0
  • cpe:2.3:a:redhat:libpng:1.2.2-16:-:i386
  • cpe:2.3:a:redhat:libpng:1.2.2-16:-:i386_dev
  • cpe:2.3:a:redhat:libpng:1.2.2-20:-:i386
  • cpe:2.3:a:redhat:libpng:1.2.2-20:-:i386_dev
  • cpe:2.3:a:redhat:libpng:10.1.0.13.8:-:i386
  • cpe:2.3:a:redhat:libpng:10.1.0.13.8:-:i386_dev
  • cpe:2.3:a:redhat:libpng:10.1.0.13.11:-:i386
  • cpe:2.3:a:redhat:libpng:10.1.0.13.11:-:i386_dev
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation_server
  • Red Hat Desktop 3.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:3.0
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:ia64
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:itanium_processor
  • Trustix Secure Linux 2.0
    cpe:2.3:o:trustix:secure_linux:2.0
  • Trustix Secure Linux 2.1
    cpe:2.3:o:trustix:secure_linux:2.1
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200405-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200405-06 (libpng denial of service vulnerability) libpng provides two functions (png_chunk_error and png_chunk_warning) for default error and warning messages handling. These functions do not perform proper bounds checking on the provided message, which is limited to 64 bytes. Programs linked against this library may crash when handling a malicious PNG image. Impact : This vulnerability could be used to crash various programs using the libpng library, potentially resulting in a denial of service attack on vulnerable daemon processes. Workaround : There is no known workaround at this time. All users are advised to upgrade to the latest available version of libpng.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 14492
    published 2004-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14492
    title GLSA-200405-06 : libpng denial of service vulnerability
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-9336.NASL
    description Update to libpng 1.2.46, includes fixes for CVE-2011-2501, CVE-2011-2690, CVE-2011-2691, CVE-2011-2692 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 55738
    published 2011-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55738
    title Fedora 14 : libpng-1.2.46-1.fc14 (2011-9336)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-8867.NASL
    description This update fixes a 1-byte uninitialized memory reference in png_format_buffer(). It allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. This is CVE-2011-2501. Also fixed in this release are some other minor security problems and there's additionally a bugfix backported from 1.5.3: when expanding a paletted image, always expand to RGBA if transparency is present. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 55655
    published 2011-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55655
    title Fedora 14 : libpng10-1.0.55-1.fc14 (2011-8867)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-498.NASL
    description Steve Grubb discovered a problem in the Portable Network Graphics library libpng which is utilised in several applications. When processing a broken PNG image, the error handling routine will access memory that is out of bounds when creating an error message. Depending on machine architecture, bounds checking and other protective measures, this problem could cause the program to crash if a defective or intentionally prepared PNG image file is handled by libpng. This could be used as a denial of service attack against various programs that link against this library. The following commands will show you which packages utilise this library and whose programs should probably be restarted after an upgrade :
      apt-cache showpkg libpng2
      apt-cache showpkg libpng3
      The following security matrix explains which package versions will contain a correction.
      Package   stable (woody)       unstable (sid)
      libpng    1.0.12-3.woody.5     1.0.15-5
      libpng3   1.2.1-1.1.woody.5    1.2.5.0-6
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15335
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15335
    title Debian DSA-498-1 : libpng - out of bound access
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-180.NASL
    description Updated libpng packages that fix an out of bounds memory access are now available. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. Steve Grubb discovered an out of bounds memory access flaw in libpng. An attacker could carefully craft a PNG file in such a way that it would cause an application linked to libpng to crash when opened by a victim. This issue may not be used to execute arbitrary code. Users are advised to upgrade to these updated packages that contain a backported security fix not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12492
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12492
    title RHEL 2.1 / 3 : libpng (RHSA-2004:180)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-9343.NASL
    description Update to libpng 1.2.46, includes fixes for CVE-2011-2501, CVE-2011-2690, CVE-2011-2691, CVE-2011-2692 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-11
    plugin id 55612
    published 2011-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55612
    title Fedora 15 : libpng-1.2.46-1.fc15 (2011-9343)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-8868.NASL
    description Fix for CVE-2011-2501. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 55599
    published 2011-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55599
    title Fedora 14 : mingw32-libpng-1.4.3-2.fc14 (2011-8868)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-040.NASL
    description Steve Grubb discovered that libpng would access memory that is out of bounds when creating an error message. The impact of this bug is not clear, but it could lead to a core dump in a program using libpng, or could result in a DoS (Denial of Service) condition in a daemon that uses libpng to process PNG images. The updated packages are patched to correct the vulnerability.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14139
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14139
    title Mandrake Linux Security Advisory : libpng (MDKSA-2004:040)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-8844.NASL
    description This update fixes a 1-byte uninitialized memory reference in png_format_buffer(). It allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. This is CVE-2011-2501. Also fixed in this release are some other minor security problems and there's additionally a bugfix backported from 1.5.3: when expanding a paletted image, always expand to RGBA if transparency is present. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-11
    plugin id 55654
    published 2011-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55654
    title Fedora 15 : libpng10-1.0.55-1.fc15 (2011-8844)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-213.NASL
    description Chromium is an OpenGL-based shoot them up game with fine graphics. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities : Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to 'chunk error processing,' possibly involving the 'chunk_name'. (CVE-2006-3334) It is questionable whether this issue is actually exploitable, but the patch to correct the issue has been included in versions < 1.2.12. In addition, a patch to address several old vulnerabilities has been applied to this build. (CVE-2002-1363, CVE-2004-0421, CVE-2004-0597, CVE-2004-0598, CVE-2004-0599) Packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24598
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24598
    title Mandrake Linux Security Advisory : chromium (MDKSA-2006:213)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_LIBPNG.NASL
    description The following package needs to be updated: linux-png
    last seen 2016-09-26
    modified 2011-10-03
    plugin id 12563
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12563
    title FreeBSD : libpng denial-of-service (93)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3A408F6F9C5211D893660020ED76EF5A.NASL
    description Steve Grubb reports a buffer read overrun in libpng's png_format_buffer function. A specially constructed PNG image processed by an application using libpng may trigger the buffer read overrun and possibly result in an application crash.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 37799
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37799
    title FreeBSD : libpng denial-of-service (3a408f6f-9c52-11d8-9366-0020ed76ef5a)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2004-124-04.NASL
    description New libpng packages are available for Slackware 9.0, 9.1, and -current to fix an issue where libpng could be caused to crash, perhaps creating a denial of service issue if network services are linked with it.
    last seen 2019-02-21
    modified 2013-06-01
    plugin id 18751
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18751
    title Slackware 9.0 / 9.1 / current : libpng update (SSA:2004-124-04)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-105.NASL
    description - Mon Apr 19 2004 Matthias Clasen - fix a possible out-of-bounds read in the error message handler. #121229 - Tue Mar 02 2004 Elliot Lee - rebuilt - Fri Feb 27 2004 Mark McLoughlin 2:1.2.2-19 - rebuild with changed bits/setjmp.h on ppc - Fri Feb 13 2004 Elliot Lee - rebuilt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 13688
    published 2004-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13688
    title Fedora Core 1 : libpng-1.2.2-20 (2004-105)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-8874.NASL
    description Fix for CVE-2011-2501. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-11
    plugin id 55600
    published 2011-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55600
    title Fedora 15 : mingw32-libpng-1.4.3-3.fc15 (2011-8874)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-106.NASL
    description - Mon Apr 19 2004 Matthias Clasen - fix a possible out-of-bounds read in the error message handler. #121229 - Tue Mar 02 2004 Elliot Lee - rebuilt - Fri Feb 13 2004 Elliot Lee - rebuilt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 13689
    published 2004-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13689
    title Fedora Core 1 : libpng10-1.0.13-11 (2004-106)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-212.NASL
    description Doxygen is a documentation system for C, C++ and IDL. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities : Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to 'chunk error processing,' possibly involving the 'chunk_name'. (CVE-2006-3334) It is questionable whether this issue is actually exploitable, but the patch to correct the issue has been included in versions < 1.2.12. Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash. (CVE-2006-5793) In addition, a patch to address several old vulnerabilities has been applied to this build. (CVE-2002-1363, CVE-2004-0421, CVE-2004-0597, CVE-2004-0598, CVE-2004-0599) Packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24597
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24597
    title Mandrake Linux Security Advisory : doxygen (MDKSA-2006:212)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD20040809.NASL
    description The remote host is missing Security Update 2004-08-09. libpng is a library used for manipulating graphics files. Several buffer overflows have been discovered in libpng. A remote attacker could exploit these vulnerabilities by tricking a user into opening a maliciously crafted PNG file, resulting in the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 14242
    published 2004-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14242
    title Mac OS X Multiple Vulnerabilities (Security Update 2004-08-09)
oval via4
  • accepted 2013-04-29T04:15:26.599-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
    family unix
    id oval:org.mitre.oval:def:11710
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
    version 24
  • accepted 2007-04-25T19:53:11.593-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    description The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
    family unix
    id oval:org.mitre.oval:def:971
    status accepted
    submitted 2004-05-20T12:00:00.000-04:00
    title libpng Malformed PNG Image Vulnerability
    version 33
redhat via4
advisories
  • rhsa
    id RHSA-2004:180
  • rhsa
    id RHSA-2004:181
refmap via4
apple APPLE-SA-2004-09-09
bid 10244
bugtraq 20040429 [OpenPKG-SA-2004.017] OpenPKG Security Advisory (png)
debian DSA-498
fedora
  • FEDORA-2004-105
  • FEDORA-2004-106
mandrake MDKSA-2004:040
mandriva
  • MDKSA-2006:212
  • MDKSA-2006:213
secunia
  • 22957
  • 22958
trustix 2004-0025
xf libpng-png-dos(16022)
Last major update 17-10-2016 - 22:45
Published 18-08-2004 - 00:00
Last modified 10-10-2017 - 21:29