CVE-2004-0421

NONE EPSS 89.5%
Published Aug 18, 2004 (21y ago) · Modified Jun 16, 2026 (2w ago)

Description

The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

Threat Intelligence

EPSS Exploit Probability
89.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125: Out-of-bounds Read (Memory Safety)

Affected Products 26

Vendor    Product                   Version    Range
libpng    libpng                    1.0.0      any
libpng    libpng                    1.0.5      any
libpng    libpng                    1.0.6      any
libpng    libpng                    1.0.7      any
libpng    libpng                    1.0.8      any
libpng    libpng                    1.0.9      any
libpng    libpng                    1.0.10     any
libpng    libpng                    1.0.11     any
libpng    libpng                    1.0.12     any
libpng    libpng                    1.0.13     any
libpng    libpng                    1.0.14     any
libpng    libpng                    1.2.0      any
libpng    libpng                    1.2.1      any
libpng    libpng                    1.2.2      any
libpng    libpng                    1.2.3      any
libpng    libpng                    1.2.4      any
libpng    libpng                    1.2.5      any
openpkg   openpkg                   1.3        any
openpkg   openpkg                   2.0        any
redhat    libpng                    1.2.2-16   any
redhat    libpng                    1.2.2-20   any
redhat    enterprise_linux          2.1        any
redhat    enterprise_linux          3.0        any
redhat    enterprise_linux_desktop  3.0        any
trustix   secure_linux              2.0        any
trustix   secure_linux              2.1        any

References 17

  • lists.apple.com http://lists.apple.com/mhonarc/security-announce/msg00056.html
    Broken Link
  • marc.info http://marc.info/?l=bugtraq&m=108334922320309&w=2
    Mailing List
  • marc.info http://marc.info/?l=bugtraq&m=108335030208523&w=2
    Mailing List
  • marc.info http://marc.info/?l=fedora-announce-list&m=108451350029261&w=2
    Mailing List
  • marc.info http://marc.info/?l=fedora-announce-list&m=108451353608968&w=2
    Mailing List
  • secunia.com http://secunia.com/advisories/22957
    Broken Link
  • secunia.com http://secunia.com/advisories/22958
    Broken Link
  • debian.org http://www.debian.org/security/2004/dsa-498
    Broken Link
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:040
    Third Party Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
    Third Party Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:213
    Third Party Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-180.html
    Broken Link, Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-181.html
    Broken Link
  • securityfocus.com http://www.securityfocus.com/bid/10244
    Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/16022
    Broken Link, VDB Entry
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710
    Broken Link
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971
    Broken Link

Remediation

  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-180.html
    Broken Link, Patch, Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/10244
    Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory