Vulnerability Name: CVE-2004-0597 (CCN-16894) Assigned: 2004-08-04 Published: 2004-08-04 Updated: 2018-10-12 Summary: Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Access References: Source: SCOSCOSA-2005.49 CESA-2004-001: libpng CVE-2004-0597 CLA-2004:856 Several vulnerabilities in libpng New upstream for mozilla APPLE-SA-2004-09-09 20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png) SSRT4778 SCOSA-2004.16 FLSA:2089 20050209 MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit libpng security update mozilla security update http://scary.beasts.org/security/CESA-2004-001.txt 22957 22958 [slackware-security] Slackware 9.0, libpng correction (SSA:2004-222-01b) [slackware-security] imagemagick (SSA:2004-223-02) [slackware-security] libpng (SSA:2004-222-01) [slackware-security] Mozilla (SSA:2004-223-01) Multiple Security Vulnerabilities in the Portable Network Graphics (PNG) Library libpng(3) Security Vulnerability in Netscape 7 With PNG Files 200663 http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1 http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679 "libpng" Package Vulnerabilities Mozilla Updated Security Packages Apple Security Update Adobe Reader Security Vulnerabilities Microsoft PNG Processing Vulnerability http://www.coresecurity.com/common/showdoc.php?idx=421&idxseccion=10 DSA-536 libpng -- several vulnerabilities libpng: Numerous vulnerabilities GLSA-200408-03 Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities GLSA-200408-22 libpng fails to properly check length of transparency chunk (tRNS) data VU#388984 libpng png_handle_sBIT() performs insufficient bounds checking VU#817368 Multiple Vulnerabilities in libpng MDKSA-2004:079 MDKSA-2006:212 MDKSA-2006:213 Vulnerability in PNG Processing Could Allow Remote Code Execution (890261) http://www.mozilla.org/projects/security/known-vulnerabilities.html SUSE-SA:2004:023 libpng RHSA-2004:402 RHSA-2004:421 RHSA-2004:429 10857 LibPNG Graphics Library Multiple Remote Vulnerabilities Microsoft MSN Messenger/Windows Messenger PNG Buffer Overflow Vulnerability 15495 SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Multiple Vulnerabilities Fixed 2004-0040 Multiple vulnerabilities in libpng TA04-217A TA05-039A FLSA:1943 MS05-009 libpng-pnghandle-bo(16894) libpng-pnghandle-bo(16894) oval:org.mitre.oval:def:11284 oval:org.mitre.oval:def:2274 oval:org.mitre.oval:def:2378 oval:org.mitre.oval:def:4492 oval:org.mitre.oval:def:594 oval:org.mitre.oval:def:7709 libpng: remote system compromise apache2: remote DoS condition cups: remote code execution apache2: remote denial-of-service gtk2 gdk-pixbuf: remote code execution XFree86-libs xshared: remote command execution samba: remote file disclosure Vulnerable Configuration: Configuration 1 :cpe:/a:greg_roelofs:libpng:*:*:*:*:*:*:*:* (Version <= 1.2.5)OR cpe:/a:microsoft:msn_messenger:6.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:msn_messenger:6.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:windows_media_player:9:*:*:*:*:*:*:* OR cpe:/a:microsoft:windows_messenger:5.0:*:*:*:*:*:*:* Configuration 2 :cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_me:*:*:second_edition:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:libpng:libpng:*:*:*:*:*:*:*:* AND cpe:/o:sun:solaris:8:*:sparc:*:*:*:*:* OR cpe:/o:turbolinux:turbolinux:6.5:*:*:*:server:*:*:* OR cpe:/o:compaq:tru64:5.1a:*:*:*:*:*:*:* OR cpe:/a:suse:suse_linux_firewall:*:*:*:*:*:*:*:* OR cpe:/a:suse:suse_linux_database_server:*:*:*:*:*:*:*:* OR cpe:/a:suse:suse_email_server:iii:*:*:*:*:*:*:* OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:* OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:* OR cpe:/o:sun:solaris:9:*:sparc:*:*:*:*:* OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:8.1:*:*:*:*:*:*:* OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:* OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:* OR cpe:/a:netscape:navigator:7.0:*:*:*:*:*:*:* OR cpe:/a:suse:suse_email_server:3.1:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:* OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:* OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:* OR cpe:/o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:* OR cpe:/o:turbolinux:turbolinux:6.0:*:*:*:workstation:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:* OR cpe:/o:compaq:tru64:5.1b:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:* OR cpe:/a:gnome:gnome:2.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:* OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:* OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/a:openpkg:openpkg:2.0:*:*:*:*:*:*:* OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:* OR cpe:/a:openpkg:openpkg:2.1:*:*:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:10.0:*:*:*:*:*:*:* OR cpe:/o:sun:solaris:7.0:*:sparc:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:* OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:* Oval Definitions BACK
greg_roelofs libpng *
microsoft msn messenger 6.1
microsoft msn messenger 6.2
microsoft windows media player 9
microsoft windows messenger 5.0
microsoft windows 98se *
microsoft windows me *
libpng libpng *
sun solaris 8
turbolinux turbolinux server 6.5
compaq tru64 5.1a
suse suse linux firewall *
suse suse linux database server *
suse suse email server iii
suse suse linux connectivity server *
suse suse linux 8.0
conectiva linux 8.0
sun solaris 9
debian debian linux 3.0
slackware slackware linux 8.1
openpkg openpkg current
gentoo linux *
suse suse linux office server *
netscape navigator 7.0
suse suse email server 3.1
suse suse linux 8.1
suse linux enterprise server 8
mandrakesoft mandrake multi network firewall 8.2
slackware slackware linux current
turbolinux turbolinux server 6.1
turbolinux turbolinux workstation 6.0
mandrakesoft mandrake linux corporate server 2.1
compaq tru64 5.1b
mandrakesoft mandrake linux 9.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
slackware slackware linux 9.0
suse suse linux 8.2
gnome gnome 2.0
redhat enterprise linux 2.1
conectiva linux 9.0
trustix secure linux 2.0
slackware slackware linux 9.1
suse suse linux 9.0
mandrakesoft mandrake linux 9.2
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
openpkg openpkg 2.0
trustix secure linux 2.1
mandrakesoft mandrake linux 10.0
suse suse linux 9.1
redhat enterprise linux 3
conectiva linux 10
openpkg openpkg 2.1
slackware slackware linux 10.0
sun solaris 7.0
mandrakesoft mandrake linux corporate server 3.0
redhat linux advanced workstation 2.1
mandrakesoft mandrake linux 2006
suse linux enterprise server 9
mandrakesoft mandrake linux 2006
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 3.0
mandrakesoft mandrake linux 9.1
mandrakesoft mandrake linux 9.2
mandrakesoft mandrake linux 10.0
mandrakesoft mandrake linux corporate server 2.1
Denotes that component is vulnerable