CVE-2004-0421

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2004-0421
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://www.securityfocus.com/bid/10244 Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2004-180.html Patch Vendor Advisory
http://lists.apple.com/mhonarc/security-announce/msg00056.html
http://www.debian.org/security/2004/dsa-498
http://www.redhat.com/support/errata/RHSA-2004-181.html
http://secunia.com/advisories/22957
http://secunia.com/advisories/22958
http://www.mandriva.com/security/advisories?name=MDKSA-2004:040
http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
http://www.mandriva.com/security/advisories?name=MDKSA-2006:213
http://marc.info/?l=bugtraq&m=108334922320309&w=2
http://marc.info/?l=bugtraq&m=108335030208523&w=2
http://marc.info/?l=fedora-announce-list&m=108451350029261&w=2
http://marc.info/?l=fedora-announce-list&m=108451353608968&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/16022
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:greg_roelofs:libpng:1.0:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng3:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng3:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libpng:10.1.0.13.11:*:i386_dev:*:*:*:*:*
cpe:2.3:a:redhat:libpng:10.1.0.13.8:*:i386:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.0.12:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.0.13:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng3:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng3:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libpng:1.2.2-16:*:i386_dev:*:*:*:*:*
cpe:2.3:a:redhat:libpng:1.2.2-20:*:i386:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.0.14:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng3:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng3:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libpng:1.2.2-20:*:i386_dev:*:*:*:*:*
cpe:2.3:a:redhat:libpng:10.1.0.13.11:*:i386:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.0.11:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libpng:1.2.2-16:*:i386:*:*:*:*:*
cpe:2.3:a:redhat:libpng:10.1.0.13.8:*:i386_dev:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
Information

Published : 2004-08-18 04:00

Updated : 2017-10-11 01:29

NVD link : CVE-2004-0421

Mitre link : CVE-2004-0421

JSON object : View

Products Affected

greg_roelofs

  • libpng3
  • libpng

redhat

  • enterprise_linux
  • linux_advanced_workstation
  • libpng
  • enterprise_linux_desktop

trustix

  • secure_linux

openpkg

  • openpkg
CWE
NVD-CWE-Other