Back to search
CVE-2008-3964
Published: Sep 10, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517
x_refsource_CONFIRM
[oss-security] 20080909 CVE request (libpng)
mailing-list
x_refsource_MLIST
35386
third-party-advisory
x_refsource_SECUNIA
1020521
vendor-advisory
x_refsource_SUNALERT
libpng-pngpushreadztxt-dos(44928)
vdb-entry
x_refsource_XF
ADV-2009-1560
vdb-entry
x_refsource_VUPEN
ADV-2009-1462
vdb-entry
x_refsource_VUPEN
31049
vdb-entry
x_refsource_BID
259989
vendor-advisory
x_refsource_SUNALERT
35302
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20080909 Re: CVE request (libpng)
mailing-list
x_refsource_MLIST
VU#889484
third-party-advisory
x_refsource_CERT-VN
ADV-2008-2512
vdb-entry
x_refsource_VUPEN
GLSA-200812-15
vendor-advisory
x_refsource_GENTOO
31781
third-party-advisory
x_refsource_SECUNIA
33137
third-party-advisory
x_refsource_SECUNIA
[png-mng-implement] 20080918 libpng-1.0.40 and libpng-1.2.32 available
mailing-list
x_refsource_MLIST
http://sourceforge.net/project/shownotes.php?release_id=624518
x_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
x_refsource_CONFIRM
MDVSA-2009:051
vendor-advisory
x_refsource_MANDRIVA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now