CVE-ID

CVE-2002-0728

Description
Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20020723
Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20020817-01)
Votes (Legacy)
ACCEPT(4) Armstrong, Baker, Cole, Cox
MODIFY(1) Frech
NOOP(3) Christey, Foat, Wall
Comments (Legacy)
 Christey> CONECTIVA:CLA-2002:512
 Christey> DEBIAN:DSA-140
   Add libpng2, libpng3
 Christey> REDHAT:RHSA-2002:152 (per Mark Cox)
 Christey> Change desc: these are versions *before* 1.2.4, and *before* 1.0.14.
   REDHAT:RHSA-2002:151
 Christey> XF:libpng-datastream-bo(9744)
   URL:http://www.iss.net/security_center/static/9744.php
   BID:5059
   URL:http://www.securityfocus.com/bid/5059
 Christey> CALDERA:CSSA-2002-042.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-042.0.txt
 Frech> XF:libpng-progressive-reader-bo(9744)

Proposed (Legacy)
20020726
This is an entry on the CVE list, which standardizes names for security problems.