CVE-2004-0421
NONE EPSS 89.5%
Published Aug 18, 200421y ago · Modified Jun 16, 20262w ago
Published Aug 18, 2004 21y ago
Last Modified Jun 16, 2026 2w ago
Description
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
Threat Intelligence
EPSS Exploit Probability
89.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-125 Out-of-bounds Read Memory Safety
Affected Products 26
| Vendor | Product | Version | Range |
|---|---|---|---|
| libpng | libpng | 1.0.0 | any |
| libpng | libpng | 1.0.5 | any |
| libpng | libpng | 1.0.6 | any |
| libpng | libpng | 1.0.7 | any |
| libpng | libpng | 1.0.8 | any |
| libpng | libpng | 1.0.9 | any |
| libpng | libpng | 1.0.10 | any |
| libpng | libpng | 1.0.11 | any |
| libpng | libpng | 1.0.12 | any |
| libpng | libpng | 1.0.13 | any |
| libpng | libpng | 1.0.14 | any |
| libpng | libpng | 1.2.0 | any |
| libpng | libpng | 1.2.1 | any |
| libpng | libpng | 1.2.2 | any |
| libpng | libpng | 1.2.3 | any |
| libpng | libpng | 1.2.4 | any |
| libpng | libpng | 1.2.5 | any |
| openpkg | openpkg | 1.3 | any |
| openpkg | openpkg | 2.0 | any |
| redhat | libpng | 1.2.2-16 | any |
| redhat | libpng | 1.2.2-20 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux_desktop | 3.0 | any |
| trustix | secure_linux | 2.0 | any |
| trustix | secure_linux | 2.1 | any |
References 17
- lists.apple.com http://lists.apple.com/mhonarc/security-announce/msg00056.html
- marc.info http://marc.info/?l=bugtraq&m=108334922320309&w=2
- marc.info http://marc.info/?l=bugtraq&m=108335030208523&w=2
- marc.info http://marc.info/?l=fedora-announce-list&m=108451350029261&w=2
- marc.info http://marc.info/?l=fedora-announce-list&m=108451353608968&w=2
- secunia.com http://secunia.com/advisories/22957
- secunia.com http://secunia.com/advisories/22958
- debian.org http://www.debian.org/security/2004/dsa-498
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:040
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:213
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-180.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-181.html
- securityfocus.com http://www.securityfocus.com/bid/10244
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/16022
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971
Remediation
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-180.html
- securityfocus.com http://www.securityfocus.com/bid/10244