CVE - CVE-2004-0597

CVE-ID
CVE-2004-0597	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2004-09-09 URL:http://lists.apple.com/mhonarc/security-announce/msg00056.html BID:10857 URL:http://www.securityfocus.com/bid/10857 BID:15495 URL:http://www.securityfocus.com/bid/15495 BUGTRAQ:20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png) URL:http://marc.info/?l=bugtraq&m=109163866717909&w=2 BUGTRAQ:20050209 MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit URL:http://marc.info/?l=bugtraq&m=110796779903455&w=2 CERT:TA04-217A URL:http://www.us-cert.gov/cas/techalerts/TA04-217A.html CERT:TA05-039A URL:http://www.us-cert.gov/cas/techalerts/TA05-039A.html CERT-VN:VU#388984 URL:http://www.kb.cert.org/vuls/id/388984 CERT-VN:VU#817368 URL:http://www.kb.cert.org/vuls/id/817368 CONECTIVA:CLA-2004:856 URL:~~http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000856~~ (Obsolete source - check if archived by the Wayback Machine) CONFIRM:~~http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1~~ (Obsolete source) CONFIRM:http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679 CONFIRM:http://www.mozilla.org/projects/security/known-vulnerabilities.html DEBIAN:DSA-536 URL:http://www.debian.org/security/2004/dsa-536 FEDORA:FLSA:1943 URL:https://bugzilla.fedora.us/show_bug.cgi?id=1943 FEDORA:FLSA:2089 URL:http://marc.info/?l=bugtraq&m=109900315219363&w=2 GENTOO:GLSA-200408-03 URL:http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml GENTOO:GLSA-200408-22 URL:http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml HP:SSRT4778 URL:http://marc.info/?l=bugtraq&m=109181639602978&w=2 MANDRAKE:MDKSA-2004:079 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2004:079~~ (Obsolete source) MANDRIVA:MDKSA-2006:212 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:212~~ (Obsolete source) MANDRIVA:MDKSA-2006:213 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:213~~ (Obsolete source) MISC:http://scary.beasts.org/security/CESA-2004-001.txt MISC:http://www.coresecurity.com/common/showdoc.php?idx=421&idxseccion=10 MS:MS05-009 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009 OVAL:oval:org.mitre.oval:def:11284 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284 OVAL:oval:org.mitre.oval:def:2274 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274 OVAL:oval:org.mitre.oval:def:2378 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378 OVAL:oval:org.mitre.oval:def:4492 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492 OVAL:oval:org.mitre.oval:def:594 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594 OVAL:oval:org.mitre.oval:def:7709 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709 REDHAT:RHSA-2004:402 URL:http://www.redhat.com/support/errata/RHSA-2004-402.html REDHAT:RHSA-2004:421 URL:http://www.redhat.com/support/errata/RHSA-2004-421.html REDHAT:RHSA-2004:429 URL:http://www.redhat.com/support/errata/RHSA-2004-429.html SCO:SCOSA-2004.16 URL:http://marc.info/?l=bugtraq&m=109761239318458&w=2 SCO:SCOSA-2005.49 URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt SECUNIA:22957 URL:http://secunia.com/advisories/22957 SECUNIA:22958 URL:http://secunia.com/advisories/22958 SUNALERT:200663 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1~~ (Obsolete source) SUSE:SUSE-SA:2004:023 URL:http://www.novell.com/linux/security/advisories/2004_23_libpng.html TRUSTIX:2004-0040 URL:~~http://www.trustix.net/errata/2004/0040/~~ (Obsolete source - check if archived by the Wayback Machine) VULNWATCH:20050208 CORE-2004-0819: MSN Messenger PNG Image Parsing Vulnerability XF:libpng-pnghandle-bo(16894) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/16894
Assigning CNA
MITRE Corporation
Date Record Created
20040623	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20040623)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)