The png_format_buffer function in pngerror.c in libpng 1.0.x prior to 1.0.55, 1.2.x prior to 1.2.45, 1.4.x prior to 1.4.8, and 1.5.x prior to 1.5.4 allows remote malicious users to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.
Vulnerable Product |
---|
libpng libpng |
fedoraproject fedora 14 |
debian debian linux 5.0 |
debian debian linux 6.0 |
canonical ubuntu linux 10.10 |
canonical ubuntu linux 11.04 |
canonical ubuntu linux 10.04 |
canonical ubuntu linux 8.04 |