FKIE_CVE-2004-0421

Vulnerability from fkie_nvd - Published: 2004-08-18 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
References
cve@mitre.orghttp://lists.apple.com/mhonarc/security-announce/msg00056.htmlBroken Link
cve@mitre.orghttp://marc.info/?l=bugtraq&m=108334922320309&w=2Mailing List
cve@mitre.orghttp://marc.info/?l=bugtraq&m=108335030208523&w=2Mailing List
cve@mitre.orghttp://marc.info/?l=fedora-announce-list&m=108451350029261&w=2Mailing List
cve@mitre.orghttp://marc.info/?l=fedora-announce-list&m=108451353608968&w=2Mailing List
cve@mitre.orghttp://secunia.com/advisories/22957Broken Link
cve@mitre.orghttp://secunia.com/advisories/22958Broken Link
cve@mitre.orghttp://www.debian.org/security/2004/dsa-498Broken Link
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:040Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:212Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:213Third Party Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-180.htmlBroken Link, Patch, Vendor Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-181.htmlBroken Link
cve@mitre.orghttp://www.securityfocus.com/bid/10244Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/16022Broken Link, VDB Entry
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710Broken Link
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971Broken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/mhonarc/security-announce/msg00056.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=108334922320309&w=2Mailing List
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=108335030208523&w=2Mailing List
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=fedora-announce-list&m=108451350029261&w=2Mailing List
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=fedora-announce-list&m=108451353608968&w=2Mailing List
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22957Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22958Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-498Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2004:040Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:212Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:213Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-180.htmlBroken Link, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-181.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/10244Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/16022Broken Link, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710Broken Link
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971Broken Link
Impacted products
Vendor Product Version
libpng libpng 1.0.0
libpng libpng 1.0.5
libpng libpng 1.0.6
libpng libpng 1.0.7
libpng libpng 1.0.8
libpng libpng 1.0.9
libpng libpng 1.0.10
libpng libpng 1.0.11
libpng libpng 1.0.12
libpng libpng 1.0.13
libpng libpng 1.0.14
libpng libpng 1.2.0
libpng libpng 1.2.1
libpng libpng 1.2.2
libpng libpng 1.2.3
libpng libpng 1.2.4
libpng libpng 1.2.5
openpkg openpkg 1.3
openpkg openpkg 2.0
redhat libpng 1.2.2-16
redhat libpng 1.2.2-20
redhat enterprise_linux 2.1
redhat enterprise_linux 3.0
redhat enterprise_linux_desktop 3.0
trustix secure_linux 2.0
trustix secure_linux 2.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D6B3DAF-DF99-48B2-8E7C-BE8E043D4C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF2C6F3-BFE7-4234-9975-DE7FCDA26A46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B79DC5F-5062-4031-BA11-746EE3C8E1CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD6DE25-8B2F-4DB9-9969-8AAC23BC0AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "35F2B503-1516-465D-A558-9932BDB3457D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA94EAAA-A4D2-4E36-BC69-BBE9644FE970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3A7C96C-8FBB-42B4-937E-3321C939CC87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "94084356-D39B-41B2-AC24-0ADAD0BF5988",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "086C6335-7872-46A7-AEB1-9BE5AE5A788C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF8233B1-04A0-4E25-97EE-CF466B48A12E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA714E7E-05EF-4598-9324-887BC66C675E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C036011A-9AE1-423C-8B73-188B9BA20FEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "663C6EE5-5B5E-4C0F-9E7F-D0E1DA9AF9EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8051459E-94D3-4D4A-9D40-CC9475DDB00C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "42056C63-69A7-43CF-828C-0C3E365702D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B6A39A3-7F86-4DC3-B248-859630AFB9A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "58377AE3-1C13-4C3F-BC55-8336DAEEF97F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48A4B336-2D5B-4D9B-AA87-E5266FED05BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libpng:1.2.2-16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4826B607-8DAB-44A4-B4FF-4BBFF9A05487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libpng:1.2.2-20:*:*:*:*:*:*:*",
              "matchCriteriaId": "3701107A-C208-426B-9EA0-CD1794D0EDA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A423B773-6B8B-4BA3-80A1-C8CAEF4D9BBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "40D8DAE0-8E75-435C-9BD6-FAEED2ACB47C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message."
    },
    {
      "lang": "es",
      "value": "La librer\u00eda de Graficos de Red Portables (libpng) 1.0.15 y anteriores permiten a atacantes causar una denegaci\u00f3n de servicio (ca\u00edda) mediante un fichero de imagen PNG que dispara un error que causa un lectura fuera de l\u00edmites cuando se crea el mensaje de error."
    }
  ],
  "id": "CVE-2004-0421",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-08-18T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.apple.com/mhonarc/security-announce/msg00056.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=108334922320309\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=108335030208523\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=fedora-announce-list\u0026m=108451350029261\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=fedora-announce-list\u0026m=108451353608968\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/22957"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/22958"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.debian.org/security/2004/dsa-498"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:040"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-180.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-181.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Patch",
        "Third Party Advisory",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/10244"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16022"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.apple.com/mhonarc/security-announce/msg00056.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=108334922320309\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=108335030208523\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=fedora-announce-list\u0026m=108451350029261\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=fedora-announce-list\u0026m=108451353608968\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/22957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/22958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.debian.org/security/2004/dsa-498"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-180.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-181.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Third Party Advisory",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/10244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.