CVE-2004-0597

Current Description

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.

Basic Data

Published: November 23, 2004
Last Modified: October 12, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

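  • OR - Configuration 1
    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | Application | Greg Roelofs | Libpng | * | * | * | * | * | * | * | * | | 1.2.5 | | |
    | 2.3 | Application | Microsoft | Msn Messenger | 6.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Msn Messenger | 6.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Windows Media Player | 9 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Windows Messenger | 5.0 | * | * | * | * | * | * | * | | | | |
  • OR - Configuration 2
    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | OS | Microsoft | Windows 98se | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Microsoft | Windows Me | * | * | second_edition | * | * | * | * | * | | | | |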

Vulnerable Software List

| Vendor | Product | Versions |
| Microsoft | Windows Messenger | 5.0 |
| Microsoft | Windows 98se | * |
| Microsoft | Msn Messenger | 6.1, 6.2 |
| Microsoft | Windows Me | * |
| Microsoft | Windows Media Player | 9 |
| Greg Roelofs | Libpng | * |

References

| Name | Source | URL | Tags |
| SCOSA-2005.49 | SCO | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | |
| CLA-2004:856 | CONECTIVA | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000856 | |
| APPLE-SA-2004-09-09 | APPLE | http://lists.apple.com/mhonarc/security-announce/msg00056.html | |
| 20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png) | BUGTRAQ | http://marc.info/?l=bugtraq&m=109163866717909&w=2 | |
| SSRT4778 | HP | http://marc.info/?l=bugtraq&m=109181639602978&w=2 | |
| SCOSA-2004.16 | SCO | http://marc.info/?l=bugtraq&m=109761239318458&w=2 | |
| FLSA:2089 | FEDORA | http://marc.info/?l=bugtraq&m=109900315219363&w=2 | |
| 20050209 MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit | BUGTRAQ | http://marc.info/?l=bugtraq&m=110796779903455&w=2 | |
| http://scary.beasts.org/security/CESA-2004-001.txt | MISC | http://scary.beasts.org/security/CESA-2004-001.txt | Exploit, Vendor Advisory |
| 22957 | SECUNIA | http://secunia.com/advisories/22957 | |
| 22958 | SECUNIA | http://secunia.com/advisories/22958 | |
| 200663 | SUNALERT | http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1 | |
| http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1 | CONFIRM | http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1 | |
| http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679 | CONFIRM | http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679 | PATCH |
| http://www.coresecurity.com/common/showdoc.php?idx=421&idxseccion=10 | MISC | http://www.coresecurity.com/common/showdoc.php?idx=421&idxseccion=10 | |
| DSA-536 | DEBIAN | http://www.debian.org/security/2004/dsa-536 | PATCH, Vendor Advisory |
| GLSA-200408-03 | GENTOO | http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml | PATCH, Vendor Advisory |
| GLSA-200408-22 | GENTOO | http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml | PATCH, Vendor Advisory |
| VU#388984 | CERT-VN | http://www.kb.cert.org/vuls/id/388984 | Third Party Advisory, US Government Resource |
| VU#817368 | CERT-VN | http://www.kb.cert.org/vuls/id/817368 | Third Party Advisory, US Government Resource |
| MDKSA-2004:079 | MANDRAKE | http://www.mandriva.com/security/advisories?name=MDKSA-2004:079 | |
| MDKSA-2006:212 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDKSA-2006:212 | |
| MDKSA-2006:213 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDKSA-2006:213 | |
| http://www.mozilla.org/projects/security/known-vulnerabilities.html | CONFIRM | http://www.mozilla.org/projects/security/known-vulnerabilities.html | |
| SUSE-SA:2004:023 | SUSE | http://www.novell.com/linux/security/advisories/2004_23_libpng.html | PATCH, Vendor Advisory |
| RHSA-2004:402 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-402.html | |
| RHSA-2004:421 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-421.html | Vendor Advisory |
| RHSA-2004:429 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-429.html | Vendor Advisory |
| 10857 | BID | http://www.securityfocus.com/bid/10857 | Exploit, PATCH, Vendor Advisory |
| 15495 | BID | http://www.securityfocus.com/bid/15495 | |
| 2004-0040 | TRUSTIX | http://www.trustix.net/errata/2004/0040/ | PATCH, Vendor Advisory |
| TA04-217A | CERT | http://www.us-cert.gov/cas/techalerts/TA04-217A.html | Third Party Advisory, US Government Resource |
| TA05-039A | CERT | http://www.us-cert.gov/cas/techalerts/TA05-039A.html | Third Party Advisory, US Government Resource |
| FLSA:1943 | FEDORA | https://bugzilla.fedora.us/show_bug.cgi?id=1943 | |
| MS05-009 | MS | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009 | |
| libpng-pnghandle-bo(16894) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/16894 | |
| oval:org.mitre.oval:def:11284 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284 | |
| oval:org.mitre.oval:def:2274 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274 | |
| oval:org.mitre.oval:def:2378 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378 | |
| oval:org.mitre.oval:def:4492 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492 | |
| oval:org.mitre.oval:def:594 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594 | |
| oval:org.mitre.oval:def:7709 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709 | |