DescriptionMultiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SA:2004:023, published Wednesday, Aug 4th 2004 16:00 MEST
- SUSE-SA:2004:030, published Monday, Sept 6th 15:00:00 MEST 2004
- SUSE-SA:2004:032, published Wednesday, Sep 15th 2004 16:00 MEST
- SUSE-SA:2004:033, published Wednesday, Sep 17th 2004 12:00 MEST
- SUSE-SA:2004:034, published Friday, Sep 17th 2004 14:23 MEST
- SUSE-SA:2004:035, published Tuesday, Oct 5th 2004 16:53:01 MEST
SUSE Timeline for this CVECVE page created: Fri Jun 28 00:53:47 2013
CVE page last modified: Fri Oct 7 12:45:28 2022