Info

Disclosure

Apr 30, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

libpng contains a flaw that may allow a remote denial of service. The issue is triggered when the library process a malformed PNG image and attempts to use memory it has not allocated for an error message. The application using the libpng library will crash resulting in loss of availability.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

PNG Development Group	libpng	1.0.x
		1.2.x

References

Bugtraq ID: 10244
Secunia Advisory ID: 11505 11667 12249 22957 22958
ISS X-Force ID: 16022
CVE ID: 2004-0421 (see also: NVD)
SCIP VulDB ID: 642
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=61798
http://www.debian.org/security/2004/dsa-498
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:040
http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
http://www.mandriva.com/security/advisories?name=MDKSA-2006:213
Vendor URL: http://www.libpng.org/pub/png/

Credit

Steve Grubb -

Direct URL: http://osvdb.org/5726

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

PNG Development Group

libpng

References

Credit