CVE-2008-3964

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 11-09-2008 03:13

Last modified: - 31-01-2022 03:18

Total changes: - 2

Description

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:N/I:N/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

4.3

Base score

8.6

2.9

Exploitability score

Impact score

Verification logic

vendor=libpng AND product=libpng AND versionEndExcluding=1.2.32

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta1

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta10

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta11

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta12

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta13

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta14

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta15

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta16

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta17

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta18

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta19

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta2

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta20

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta21

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta22

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta23

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta24

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta25

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta26

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta27

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta28

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta29

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta3

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta30

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta31

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta32

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta33

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta4

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta5

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta6

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta7

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta8

vendor=libpng AND product=libpng AND version=1.4.0 AND update=beta9

Reference

[oss-security] 20080909 CVE request (libpng)-Mailing List, Third Party Advisory
http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624
http://sourceforge.net/project/shownotes.php?release_id=624518
[oss-security] 20080909 Re: CVE request (libpng)-Mailing List, Third Party Advisory
http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517
[png-mng-implement] 20080918 libpng-1.0.40 and libpng-1.2.32 available-Third Party Advisory
31049-Third Party Advisory, VDB Entry
VU#889484-Third Party Advisory, US Government Resource
33137-Third Party Advisory
GLSA-200812-15-Third Party Advisory
MDVSA-2009:051-Broken Link
259989-Broken Link
ADV-2009-1462-Permissions Required
35302-Third Party Advisory
35386-Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
ADV-2009-1560-Permissions Required
31781-Third Party Advisory
1020521-Broken Link
ADV-2008-2512-Permissions Required
libpng-pngpushreadztxt-dos(44928)-Third Party Advisory, VDB Entry

Keywords

CVE-2008-3964

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2008-3964

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures