SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   libpng Vendors:   libpng.sourceforge.net
libpng Memory Access Violation When Creating Error Messages May Cause Denial of Service Conditions
SecurityTracker Alert ID:  1009991
SecurityTracker URL:  http://securitytracker.com/id/1009991
CVE Reference:   CVE-2004-0421   (Links to External Site)
Date:  Apr 30 2004
Impact:   Denial of service via network


Description:   A vulnerability was reported in libpng. A remote user can create a PNG image that, when processed by libpng, may cause denial of service conditions.

Mandrake reported that when libpng creates an error message, libpng may access invalid memory locations. As a result, an application using libpng may crash or core dump when processing certain PNG images, the report said.

Steve Grubb is credited with discovering this flaw.

Impact:   A remote user can create a malformed PNG image that, when processed by an application using libpng, may cause the application to crash. The specific impact depends on the application using libpng.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.libpng.org/pub/png/libpng.html (Links to External Site)
Cause:   Access control error, Resource error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 30 2004 (Mandrake Issues Fix) libpng Memory Access Violation When Creating Error Messages May Cause Denial of Service Conditions
Mandrake has released a fix.
Apr 30 2004 (Trustix Issues Fix) libpng Memory Access Violation When Creating Error Messages May Cause Denial of Service Conditions
Trustix has released a fix.
Apr 30 2004 (Red Hat Issues Fix for RH Linux) libpng Memory Access Violation When Creating Error Messages May Cause Denial of Service Conditions
Red Hat has released a fix for Red Hat Linux 9.
May 4 2004 (Slackware Issues Fix) libpng Memory Access Violation When Creating Error Messages May Cause Denial of Service Conditions
Slackware has released a fix.
May 18 2004 (Gentoo Issues Fix) libpng Memory Access Violation When Creating Error Messages May Cause Denial of Service Conditions
Gentoo has released a fix.
May 18 2004 (Fedora Issues Fix) libpng Memory Access Violation When Creating Error Messages May Cause Denial of Service Conditions
Fedora has released a fix.
May 20 2004 (Red Hat Issues Fix for RH Enterprise Linux) libpng Memory Access Violation When Creating Error Messages May Cause Denial of Service Conditions
Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.
Aug 10 2004 (Apple Issues Fix) libpng Memory Access Violation When Creating Error Messages May Cause Denial of Service Conditions
Apple has released a fix for Mac OS X in 10.3.5.
Aug 10 2004 (Apple Issues Fix) libpng Memory Access Violation When Creating Error Messages May Cause Denial of Service Conditions
Apple has released a fix for Mac OS X 10.2.8 and 10.3.4.
Aug 12 2004 (Turbolinux Issues Fix) libpng Memory Access Violation When Creating Error Messages May Cause Denial of Service Conditions
Turbolinux has issued a fix.



 Source Message Contents

Subject:  CVE-2004-0421


Mandrake reported that there is a vulnerability in libpng.  When creating an error 
message, libpng may access invalid memory locations, the report said.

The report indicates that the impact of the flaw is "not clear," but may cause an 
application using libpng to crash or core dump when processing certain PNG images.

Steve Grubb is credited with discovering this flaw.

CVE: CAN-2004-0421

http://www.libpng.org/pub/png/libpng.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC