CVE-2004-0421

Current Description

The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

Referenced by CVEs: CVE-2011-2501

Basic Data

Published: August 18, 2004
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    CPE Version | Part | Vendor | Product | Version | Update | Edition
    (For every entry the Language, SW Edition, Target SW, Target HW and Other fields are "*", and the Version Start/End Including/Excluding fields are empty.)
    2.3 | Application | Greg Roelofs | Libpng | 1.0 | * | *
    2.3 | Application | Greg Roelofs | Libpng | 1.0.5 | * | *
    2.3 | Application | Greg Roelofs | Libpng | 1.0.6 | * | *
    2.3 | Application | Greg Roelofs | Libpng | 1.0.7 | * | *
    2.3 | Application | Greg Roelofs | Libpng | 1.0.8 | * | *
    2.3 | Application | Greg Roelofs | Libpng | 1.0.9 | * | *
    2.3 | Application | Greg Roelofs | Libpng | 1.0.10 | * | *
    2.3 | Application | Greg Roelofs | Libpng | 1.0.11 | * | *
    2.3 | Application | Greg Roelofs | Libpng | 1.0.12 | * | *
    2.3 | Application | Greg Roelofs | Libpng | 1.0.13 | * | *
    2.3 | Application | Greg Roelofs | Libpng | 1.0.14 | * | *
    2.3 | Application | Greg Roelofs | Libpng3 | 1.2.0 | * | *
    2.3 | Application | Greg Roelofs | Libpng3 | 1.2.1 | * | *
    2.3 | Application | Greg Roelofs | Libpng3 | 1.2.2 | * | *
    2.3 | Application | Greg Roelofs | Libpng3 | 1.2.3 | * | *
    2.3 | Application | Greg Roelofs | Libpng3 | 1.2.4 | * | *
    2.3 | Application | Greg Roelofs | Libpng3 | 1.2.5 | * | *
    2.3 | Application | Openpkg | Openpkg | 1.3 | * | *
    2.3 | Application | Openpkg | Openpkg | 2.0 | * | *
    2.3 | Application | Redhat | Libpng | 1.2.2-16 | * | i386
    2.3 | Application | Redhat | Libpng | 1.2.2-16 | * | i386_dev
    2.3 | Application | Redhat | Libpng | 1.2.2-20 | * | i386
    2.3 | Application | Redhat | Libpng | 1.2.2-20 | * | i386_dev
    2.3 | Application | Redhat | Libpng10 | 1.0.13.8 | * | i386
    2.3 | Application | Redhat | Libpng10 | 1.0.13.8 | * | i386_dev
    2.3 | Application | Redhat | Libpng10 | 1.0.13.11 | * | i386
    2.3 | Application | Redhat | Libpng10 | 1.0.13.11 | * | i386_dev
  • OR - Configuration 2
    CPE Version | Part | Vendor | Product | Version | Update | Edition
    (For every entry the Language, SW Edition, Target SW, Target HW and Other fields are "*", and the Version Start/End Including/Excluding fields are empty.)
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | advanced_server
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | enterprise_server
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | workstation
    2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | advanced_server
    2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | enterprise_server
    2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | workstation_server
    2.3 | OS | Redhat | Enterprise Linux Desktop | 3.0 | * | *
    2.3 | OS | Redhat | Linux Advanced Workstation | 2.1 | * | ia64
    2.3 | OS | Redhat | Linux Advanced Workstation | 2.1 | * | itanium_processor
    2.3 | OS | Trustix | Secure Linux | 2.0 | * | *
    2.3 | OS | Trustix | Secure Linux | 2.1 | * | *

Vulnerable Software List

Vendor | Product | Versions
Openpkg | Openpkg | 1.3, 2.0
Redhat | Libpng | 1.2.2-16, 1.2.2-20, 10.1.0.13.11, 10.1.0.13.8
Redhat | Enterprise Linux | 2.1, 3.0
Redhat | Enterprise Linux Desktop | 3.0
Redhat | Linux Advanced Workstation | 2.1
Greg Roelofs | Libpng | 1.0, 1.0.10, 1.0.11, 1.0.12, 1.0.13, 1.0.14, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9
Greg Roelofs | Libpng3 | 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5
Trustix | Secure Linux | 2.0, 2.1

References

Name | URL | Source | Tags
APPLE-SA-2004-09-09 | http://lists.apple.com/mhonarc/security-announce/msg00056.html | APPLE |
20040429 [OpenPKG-SA-2004.017] OpenPKG Security Advisory (png) | http://marc.info/?l=bugtraq&m=108334922320309&w=2 | BUGTRAQ |
2004-0025 | http://marc.info/?l=bugtraq&m=108335030208523&w=2 | TRUSTIX |
FEDORA-2004-105 | http://marc.info/?l=fedora-announce-list&m=108451350029261&w=2 | FEDORA |
FEDORA-2004-106 | http://marc.info/?l=fedora-announce-list&m=108451353608968&w=2 | FEDORA |
22957 | http://secunia.com/advisories/22957 | SECUNIA |
22958 | http://secunia.com/advisories/22958 | SECUNIA |
DSA-498 | http://www.debian.org/security/2004/dsa-498 | DEBIAN |
MDKSA-2004:040 | http://www.mandriva.com/security/advisories?name=MDKSA-2004:040 | MANDRAKE |
MDKSA-2006:212 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:212 | MANDRIVA |
MDKSA-2006:213 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:213 | MANDRIVA |
RHSA-2004:180 | http://www.redhat.com/support/errata/RHSA-2004-180.html | REDHAT | Patch, Vendor Advisory
RHSA-2004:181 | http://www.redhat.com/support/errata/RHSA-2004-181.html | REDHAT |
10244 | http://www.securityfocus.com/bid/10244 | BID | Patch, Vendor Advisory
libpng-png-dos(16022) | https://exchange.xforce.ibmcloud.com/vulnerabilities/16022 | XF |
oval:org.mitre.oval:def:11710 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710 | OVAL |
oval:org.mitre.oval:def:971 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971 | OVAL |