
CVE-2004-0597

Published: 23/11/2004 Updated: 12/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple buffer overflows in libpng 1.2.5 and previous versions, as used in multiple products, allow remote malicious users to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
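As an added illustration, not code from libpng or from this page, the following C program models the class of bug the summary describes for png_handle_tRNS: a chunk length taken from the file is used as a copy length into a fixed 256-entry palette-alpha buffer. The vulnerable handler is this editor's assumed shape of the pre-fix logic, in which the tRNS length was bounded only by the number of PLTE entries and a missing PLTE drew a warning instead of a check; the hardened handler makes PLTE mandatory and bounds the length by both the palette size and the absolute buffer size. The model does not validate PLTE length, the chunk streams are constructed inline, and the overflow is reported rather than performed so the program is safe to run.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PNG_MAX_PALETTE_LENGTH 256  /* a PNG palette has at most 256 entries */

enum { TRNS_OK = 0, TRNS_REJECTED = 1, TRNS_WOULD_OVERFLOW = 2 };

/* Minimal decoder state: a model, not libpng's png_struct. */
typedef struct {
    int have_plte;          /* has a PLTE chunk been seen? */
    unsigned num_palette;   /* entries in that PLTE */
    unsigned num_trans;     /* alpha entries taken from tRNS */
    uint8_t trans[PNG_MAX_PALETTE_LENGTH];
} png_model;

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Vulnerable pattern (assumed pre-fix shape): with no PLTE seen, the length
 * check is replaced by a warning, so chunk_len file-controlled bytes would be
 * copied into a 256-byte stack buffer. The overflow is reported, not done. */
static int handle_trns_vulnerable(png_model *png, const uint8_t *data, uint32_t chunk_len)
{
    uint8_t readbuf[PNG_MAX_PALETTE_LENGTH];
    if (!png->have_plte)
        fprintf(stderr, "warning: Missing PLTE before tRNS\n");  /* no bound applied */
    else if (chunk_len > png->num_palette)
        return TRNS_REJECTED;
    if (chunk_len > sizeof readbuf)
        return TRNS_WOULD_OVERFLOW;  /* real code would memcpy past readbuf here */
    memcpy(readbuf, data, chunk_len);
    memcpy(png->trans, readbuf, chunk_len);
    png->num_trans = chunk_len;
    return TRNS_OK;
}

/* Hardened form: PLTE is mandatory, and the length is bounded by both the
 * palette size and the absolute buffer size before any byte is copied. */
static int handle_trns_fixed(png_model *png, const uint8_t *data, uint32_t chunk_len)
{
    if (!png->have_plte)
        return TRNS_REJECTED;
    if (chunk_len == 0 || chunk_len > png->num_palette ||
        chunk_len > PNG_MAX_PALETTE_LENGTH)
        return TRNS_REJECTED;
    memcpy(png->trans, data, chunk_len);
    png->num_trans = chunk_len;
    return TRNS_OK;
}

typedef int (*trns_handler)(png_model *, const uint8_t *, uint32_t);

/* Walk a stream of PNG chunks (length, type, data, crc) and dispatch PLTE and
 * tRNS. CRCs are not checked; they play no part in this bug. */
static int feed_chunks(png_model *png, const uint8_t *buf, size_t len, trns_handler trns)
{
    size_t off = 0;
    while (off + 12 <= len) {
        uint32_t clen = be32(buf + off);
        const uint8_t *type = buf + off + 4, *data = buf + off + 8;
        if (clen > len - off - 12)
            return TRNS_REJECTED;             /* truncated chunk */
        if (memcmp(type, "PLTE", 4) == 0) {
            png->have_plte = 1;
            png->num_palette = clen / 3;      /* RGB triples */
        } else if (memcmp(type, "tRNS", 4) == 0) {
            int rc = trns(png, data, clen);
            if (rc != TRNS_OK) return rc;
        }
        off += 12 + clen;
    }
    return TRNS_OK;
}

/* Append one constructed chunk; returns the new offset, or 0 if out is too small. */
static size_t add_chunk(uint8_t *out, size_t cap, size_t off,
                        const char *type, uint32_t dlen, uint8_t fill)
{
    if ((size_t)dlen + 12 > cap || off > cap - (size_t)dlen - 12) return 0;
    put32(out + off, dlen);
    memcpy(out + off + 4, type, 4);
    memset(out + off + 8, fill, dlen);
    put32(out + off + 8 + dlen, 0);           /* CRC placeholder */
    return off + 12 + dlen;
}

/* One scenario: optional PLTE of palette_entries, then a tRNS of trns_len bytes. */
int run_scenario(int with_plte, unsigned palette_entries, uint32_t trns_len, int hardened)
{
    uint8_t stream[2048];
    png_model png;
    size_t off = 0;
    memset(&png, 0, sizeof png);
    if (with_plte) {
        off = add_chunk(stream, sizeof stream, off, "PLTE", palette_entries * 3, 0x80);
        if (off == 0) return TRNS_REJECTED;
    }
    off = add_chunk(stream, sizeof stream, off, "tRNS", trns_len, 0xAA);
    if (off == 0) return TRNS_REJECTED;
    return feed_chunks(&png, stream, off, hardened ? handle_trns_fixed : handle_trns_vulnerable);
}

int main(void)
{
    printf("no PLTE, 300-byte tRNS, vulnerable: %d (2 = would overflow)\n", run_scenario(0, 0, 300, 0));
    printf("no PLTE, 300-byte tRNS, fixed:      %d (1 = rejected)\n", run_scenario(0, 0, 300, 1));
    printf("16-entry PLTE, 16-byte tRNS, fixed: %d (0 = ok)\n", run_scenario(1, 16, 16, 1));
    return 0;
}
```

The scenario with a 300-entry PLTE followed by a 300-byte tRNS shows why the absolute bound matters as well as the relative one: the palette-size check alone passes, and only the comparison against PNG_MAX_PALETTE_LENGTH stops the copy.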

Vulnerable Products

microsoft windows messenger 5.0

greg roelofs libpng

microsoft msn messenger 6.1

microsoft msn messenger 6.2

microsoft windows media player 9

microsoft windows 98se

microsoft windows me

Vendor Advisories

Synopsis: mozilla security update. Type/Severity: Security Advisory: Critical. Topic: Updated mozilla packages based on version 1.4.3 that fix a number of security issues for Red Hat Enterprise Linux are now available. Description: Mozilla is an open source Web browser, advanced email and newsgrou ...
Synopsis: libpng security update. Type/Severity: Security Advisory: Critical. Topic: Updated libpng packages that fix several issues are now available. Description: The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. D ...
Chris Evans discovered several vulnerabilities in libpng: CAN-2004-0597: Multiple buffer overflows exist, including when handling transparency chunk data, which could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed. CAN-2004-0598: Multiple NULL pointer dereferences in png_handle_iCPP() and els ...

Exploits

#include <stdio.h> #include <stdlib.h> #include "png.h" /* The png_jmpbuf() macro, used in error handling, became available in * libpng version 1.0.6. If you want to be able to run your code with older * versions of libpng, you must define the macro yourself (but only if it * is not already defined by libpng!) */ #i ...
/* * exploit for libpng, tested on version 1.2.5 * infamous42md AT hotpop DOT com * * shouts to mitakeet (hope u patched :D) * * [n00b_at_localhoouternet] ./po * Usage: ./po < retaddr > [ outfile ] * * -all u need to give is retaddr, the default file it creates is controlled by * the define below, or u can pass a diff out ...
source: www.securityfocus.com/bid/12506/info A remotely exploitable buffer overflow exists in MSN Messenger and Windows Messenger. This vulnerability is related to parsing of Portable Network Graphics (PNG) image header data. Successful exploitation will result in execution of arbitrary code in the context of the vulnerable client user. At ...

Github Repositories

Defending C++. Sources: CVE 100K: By The Numbers - blog; An Empirical Study of C++ Vulnerabilities in Crowd-Sourced Code Examples - whitepaper; Introduction To Software Exploits - site; C and C++ vulnerability exploits and countermeasures - slides; NIST Test Suites - site; www.exploit-db.com; libpng CVE www.cvedetails.com/cve/CVE-2004-0597/; vulm

Introductory presentation on stack-based buffer overflows

From Crashes to Exploits, or how to hack libpng. This is a presentation that we developed (aimed at undergraduate students) on taking a crash found by AFL, debugging it and turning it into a working exploit. It is a very introductory look at exploit development and focuses on the simplest of buffer overflows. However, it is based on a real vulnerability: CVE-2004-0597. Wha

References

CWE: NVD-CWE-Other
http://www.us-cert.gov/cas/techalerts/TA04-217A.html
http://www.debian.org/security/2004/dsa-536
http://www.securityfocus.com/bid/10857
http://scary.beasts.org/security/CESA-2004-001.txt
http://lists.apple.com/mhonarc/security-announce/msg00056.html
http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml
http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml
http://www.redhat.com/support/errata/RHSA-2004-402.html
http://www.redhat.com/support/errata/RHSA-2004-421.html
http://www.redhat.com/support/errata/RHSA-2004-429.html
http://www.novell.com/linux/security/advisories/2004_23_libpng.html
http://www.trustix.net/errata/2004/0040/
http://www.mozilla.org/projects/security/known-vulnerabilities.html
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679
http://www.us-cert.gov/cas/techalerts/TA05-039A.html
http://www.kb.cert.org/vuls/id/388984
http://www.kb.cert.org/vuls/id/817368
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://www.securityfocus.com/bid/15495
http://www.coresecurity.com/common/showdoc.php?idx=421&idxseccion=10
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000856
http://secunia.com/advisories/22957
http://secunia.com/advisories/22958
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1
http://www.mandriva.com/security/advisories?name=MDKSA-2004:079
http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
http://www.mandriva.com/security/advisories?name=MDKSA-2006:213
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1
https://bugzilla.fedora.us/show_bug.cgi?id=1943
http://marc.info/?l=bugtraq&m=109163866717909&w=2
http://marc.info/?l=bugtraq&m=109761239318458&w=2
http://marc.info/?l=bugtraq&m=109181639602978&w=2
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://marc.info/?l=bugtraq&m=110796779903455&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/16894
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009
https://access.redhat.com/errata/RHSA-2004:421
https://nvd.nist.gov
https://github.com/DSTCyber/from-crashes-to-exploits
https://www.exploit-db.com/exploits/393/
https://www.kb.cert.org/vuls/id/388984