CVE - CVE-2008-3964

CVE-ID
CVE-2008-3964	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:31049 URL:http://www.securityfocus.com/bid/31049 CERT-VN:VU#889484 URL:http://www.kb.cert.org/vuls/id/889484 CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517 CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=624518 CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm GENTOO:GLSA-200812-15 URL:http://security.gentoo.org/glsa/glsa-200812-15.xml MANDRIVA:MDVSA-2009:051 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:051~~ (Obsolete source) MLIST:[oss-security] 20080909 CVE request (libpng) URL:http://www.openwall.com/lists/oss-security/2008/09/09/3 MLIST:[oss-security] 20080909 Re: CVE request (libpng) URL:http://www.openwall.com/lists/oss-security/2008/09/09/8 MLIST:[png-mng-implement] 20080918 libpng-1.0.40 and libpng-1.2.32 available URL:http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com&forum_name=png-mng-implement SECUNIA:31781 URL:http://secunia.com/advisories/31781 SECUNIA:33137 URL:http://secunia.com/advisories/33137 SECUNIA:35302 URL:http://secunia.com/advisories/35302 SECUNIA:35386 URL:http://secunia.com/advisories/35386 SUNALERT:1020521 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1~~ (Obsolete source) SUNALERT:259989 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1~~ (Obsolete source) VUPEN:ADV-2008-2512 URL:~~http://www.vupen.com/english/advisories/2008/2512~~ (Obsolete source) VUPEN:ADV-2009-1462 URL:~~http://www.vupen.com/english/advisories/2009/1462~~ (Obsolete source) VUPEN:ADV-2009-1560 URL:~~http://www.vupen.com/english/advisories/2009/1560~~ (Obsolete source) XF:libpng-pngpushreadztxt-dos(44928) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/44928
Assigning CNA
MITRE Corporation
Date Record Created
20080909	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080909)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)