Published: 11/09/2008 Updated: 31/01/2022

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Multiple off-by-one errors in libpng prior to 1.2.32beta01, and 1.4 prior to 1.4.0beta34, allow context-dependent malicious users to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libpng libpng
libpng libpng 1.4.0

Debian Bug report logs - #501109 CVE-2008-3964: off-by-one error in pngtestc Package: libpng; Maintainer for libpng is Anibal Monsalve Salazar <anibal@debianorg>; Reported by: Steffen Joeris <steffenjoeris@skolelinuxde> Date: Sat, 4 Oct 2008 08:09:01 UTC Severity: important Tags: patch, security Fixed in versio ...

It was discovered that libpng did not properly perform bounds checking in certain operations An attacker could send a specially crafted PNG image and cause a denial of service in applications linked against libpng This issue only affected Ubuntu 804 LTS (CVE-2007-5268, CVE-2007-5269) ...

CWE-193 http://www.openwall.com/lists/oss-security/2008/09/09/3 http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624 http://sourceforge.net/project/shownotes.php?release_id=624518 http://www.openwall.com/lists/oss-security/2008/09/09/8 http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517 http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com&forum_name=png-mng-implement http://www.securityfocus.com/bid/31049 http://www.kb.cert.org/vuls/id/889484 http://secunia.com/advisories/33137 http://security.gentoo.org/glsa/glsa-200812-15.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:051 http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 http://www.vupen.com/english/advisories/2009/1462 http://secunia.com/advisories/35302 http://secunia.com/advisories/35386 http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm http://www.vupen.com/english/advisories/2009/1560 http://secunia.com/advisories/31781 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 http://www.vupen.com/english/advisories/2008/2512 https://exchange.xforce.ibmcloud.com/vulnerabilities/44928 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501109 https://usn.ubuntu.com/730-1/https://nvd.nist.gov https://www.kb.cert.org/vuls/id/889484

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-3964

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect