Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2008-3964
Last Modified 07 Mar 2011 10:11:43
Published 10 Sep 2008 09:13:47
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3964

Summary

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.

Vulnerable Systems

Application

  • Libpng 1.2.19

  • Libpng 1.2.2

  • Libpng 1.2.20

  • Libpng 1.2.21

  • Libpng 1.2.22

  • Libpng 1.2.23

  • Libpng 1.2.24

  • Libpng 1.2.25

  • Libpng 1.2.26

  • Libpng 1.2.3

  • Libpng 1.2.4

  • Libpng 1.2.5

  • Libpng 1.2.6

  • Libpng 1.2.7

  • Libpng 1.2.8

  • Libpng 1.2.9

  • Libpng 1.4

  • Libpng Beta1


References

CERT-VN - VU#889484

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=624518

XF - libpng-pngpushreadztxt-dos(44928)

VUPEN - ADV-2009-1560

VUPEN - ADV-2009-1462

VUPEN - ADV-2008-2512

BID - 31049

MLIST - [oss-security] 20080909 Re: CVE request (libpng)

MLIST - [oss-security] 20080909 CVE request (libpng)

MANDRIVA - MDVSA-2009:051

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm

SUNALERT - 1020521

SUNALERT - 259989

CONFIRM - http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517

MLIST - [png-mng-implement] 20080918 libpng-1.0.40 and libpng-1.2.32 available

GENTOO - GLSA-200812-15

SECUNIA - 35386

SECUNIA - 35302

SECUNIA - 33137

SECUNIA - 31781


Last Updated: 27 May 2016 10:48:22