Vulnerability Name:

CVE-2004-0599 (CCN-16896)

Assigned:2004-08-04
Published:2004-08-04
Updated:2017-10-11
Summary:Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: SCO
Type: UNKNOWN
SCOSA-2005.49

Source: CCN
Type: BugTraq Mailing List, Wed Aug 04 2004 - 12:43:23 CDT
CESA-2004-001: libpng

Source: MITRE
Type: CNA
CVE-2004-0599

Source: CONECTIVA
Type: UNKNOWN
CLA-2004:856

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:856
Several vulnerabilities in libpng

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:877
New upstream for mozilla

Source: APPLE
Type: UNKNOWN
APPLE-SA-2004-09-09

Source: BUGTRAQ
Type: UNKNOWN
20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png)

Source: HP
Type: UNKNOWN
SSRT4778

Source: SCO
Type: UNKNOWN
SCOSA-2004.16

Source: FEDORA
Type: UNKNOWN
FLSA:2089

Source: CCN
Type: RHSA-2004-402
libpng security update

Source: CCN
Type: RHSA-2004-421
mozilla security update

Source: MISC
Type: Vendor Advisory
http://scary.beasts.org/security/CESA-2004-001.txt

Source: SECUNIA
Type: UNKNOWN
22957

Source: SECUNIA
Type: UNKNOWN
22958

Source: CCN
Type: Slackware Security AdvisoriesTue, 10 Aug 2004 12:54:52 -0700 (PDT)
[slackware-security] Slackware 9.0, libpng correction (SSA:2004-222-01b)

Source: CCN
Type: Slackware Security Advisories Tue, 10 Aug 2004 14:26:39 -0700 (PDT)
[slackware-security] imagemagick (SSA:2004-223-02)

Source: CCN
Type: Slackware Security Advisories Mon, 9 Aug 2004 20:40:50 -0700
[slackware-security] libpng (SSA:2004-222-01)

Source: CCN
Type: Slackware Security Advisories Tue, 10 Aug 2004 14:17:12 -0700 (PDT)
[slackware-security] Mozilla (SSA:2004-223-01)

Source: CCN
Type: Sun Alert ID: 57683
Security Vulnerability in Netscape 7 With PNG Files

Source: SUNALERT
Type: UNKNOWN
200663

Source: CCN
Type: CIAC Information Bulletin O-192
"libpng" Package Vulnerabilities

Source: CCN
Type: CIAC Information Bulletin O-195
Mozilla Updated Security Packages

Source: CCN
Type: CIAC Information Bulletin O-212
Apple Security Update

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-536

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-570

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-571

Source: DEBIAN
Type: DSA 536-1
libpng -- several vulnerabilities

Source: DEBIAN
Type: DSA-536
libpng -- several vulnerabilities

Source: DEBIAN
Type: DSA-570
libpng -- integer overflow

Source: DEBIAN
Type: DSA-571
libpng3 -- buffer overflows

Source: CCN
Type: GLSA-200408-03
libpng: Numerous vulnerabilities

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200408-03

Source: CCN
Type: GLSA-200408-22
Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200408-22

Source: CCN
Type: US-CERT VU#160448
libpng integer overflow in image height processing

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#160448

Source: CCN
Type: US-CERT VU#286464
libpng contains integer overflows in progressive display image reading

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#286464

Source: CCN
Type: US-CERT VU#477512
libpng png_handle_sPLT() integer overflow

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#477512

Source: CCN
Type: SCO Security Advisory SCOSA-2004.16
Multiple Vulnerabilities in libpng

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:079

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:212

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:213

Source: CONFIRM
Type: UNKNOWN
http://www.mozilla.org/projects/security/known-vulnerabilities.html

Source: SUSE
Type: Patch, Vendor Advisory
SUSE-SA:2004:023

Source: CCN
Type: OpenPKG-SA-2004.035
libpng

Source: REDHAT
Type: Vendor Advisory
RHSA-2004:402

Source: REDHAT
Type: Vendor Advisory
RHSA-2004:421

Source: REDHAT
Type: Vendor Advisory
RHSA-2004:429

Source: BID
Type: Exploit, Patch, Vendor Advisory
10857

Source: CCN
Type: BID-10857
LibPNG Graphics Library Multiple Remote Vulnerabilities

Source: BID
Type: UNKNOWN
15495

Source: CCN
Type: BID-15495
SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Multiple Vulnerabilities Fixed

Source: TRUSTIX
Type: Vendor Advisory
2004-0040

Source: CCN
Type: TLSA-2004-19
Multiple vulnerabilities in libpng

Source: CERT
Type: Third Party Advisory, US Government Resource
TA04-217A

Source: FEDORA
Type: Patch
FLSA:1943

Source: XF
Type: UNKNOWN
lilbpng-integer-bo(16896)

Source: XF
Type: UNKNOWN
lilbpng-integer-bo(16896)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10938

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1479

Source: SUSE
Type: SUSE-SA:2004:023
libpng: remote system compromise

Source: SUSE
Type: SUSE-SA:2004:035
samba: remote file disclosure

Vulnerable Configuration:Configuration 1:
  • cpe:/a:greg_roelofs:libpng:*:*:*:*:*:*:*:* (Version <= 1.2.5)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:libpng:libpng:0.71:*:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.5:*:*:*:server:*:*:*
  • OR cpe:/a:suse:suse_linux_firewall:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_email_server:iii:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:navigator:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_email_server:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.0:*:*:*:workstation:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1b:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:7.0::sparc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20040599
    V
    		CVE-2004-0599
    2015-11-16
    oval:org.mitre.oval:def:10938
    V
    		Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.
    2013-04-29
    oval:org.mitre.oval:def:1479
    V
    		Integer Overflow in libpng via Malformed PNG Image
    2005-03-09
    oval:org.debian:def:571
    V
    		buffer overflows, integer overflow
    2004-10-20
    oval:org.debian:def:570
    V
    		integer overflow
    2004-10-20
    oval:com.redhat.rhsa:def:20040402
    P
    		RHSA-2004:402: libpng security update (Critical)
    2004-08-04
    oval:com.redhat.rhsa:def:20040421
    P
    		RHSA-2004:421: mozilla security update (Critical)
    2004-08-04
    oval:org.debian:def:536
    V
    		several vulnerabilities
    2004-08-04
    BACK
    greg_roelofs libpng *
    libpng libpng 0.71
    sun solaris 8
    turbolinux turbolinux server 6.5
    suse suse linux firewall *
    suse suse linux database server *
    suse suse email server iii
    suse suse linux connectivity server *
    suse suse linux 8.0
    conectiva linux 8.0
    sun solaris 9
    debian debian linux 3.0
    slackware slackware linux 8.1
    openpkg openpkg current
    gentoo linux *
    suse suse linux office server *
    netscape navigator 7.0
    suse suse email server 3.1
    suse suse linux 8.1
    suse linux enterprise server 8
    mandrakesoft mandrake multi network firewall 8.2
    slackware slackware linux current
    turbolinux turbolinux server 6.1
    turbolinux turbolinux workstation 6.0
    mandrakesoft mandrake linux corporate server 2.1
    compaq tru64 5.1b
    mandrakesoft mandrake linux 9.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    slackware slackware linux 9.0
    suse suse linux 8.2
    redhat enterprise linux 2.1
    conectiva linux 9.0
    trustix secure linux 2.0
    slackware slackware linux 9.1
    suse suse linux 9.0
    mandrakesoft mandrake linux 9.2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    openpkg openpkg 2.0
    trustix secure linux 2.1
    mandrakesoft mandrake linux 10.0
    suse suse linux 9.1
    redhat enterprise linux 3
    conectiva linux 10
    openpkg openpkg 2.1
    slackware slackware linux 10.0
    sun solaris 7.0
    mandrakesoft mandrake linux corporate server 3.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    suse linux enterprise server 9
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux corporate server 2.1