CVE-2004-0421 : The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attacke

The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

Published 2004-08-18 04:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2004-0421

Redhat » Enterprise Linux » Version: 2.1
cpe:2.3:o:redhat:enterprise_linux:2.1:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 3.0
cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 3.0
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libpng » Version: 1.2.2-20
cpe:2.3:a:redhat:libpng:1.2.2-20:*:*:*:*:*:*:*
Matching versions
Redhat » Libpng » Version: 1.2.2-16
cpe:2.3:a:redhat:libpng:1.2.2-16:*:*:*:*:*:*:*
Matching versions
Trustix » Secure Linux » Version: 2.0
cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
Matching versions
Trustix » Secure Linux » Version: 2.1
cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
Matching versions
Openpkg » Openpkg » Version: 1.3
cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*
Matching versions
Openpkg » Openpkg » Version: 2.0
cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.0.13
cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.0.14
cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.0.9
cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.0.7
cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.2.1
cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.0.0
cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.0.6
cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.0.8
cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.0.5
cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.0.10
cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.0.12
cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.0.11
cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.2.0
cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.2.2
cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.2.5
cpe:2.3:a:libpng:libpng:1.2.5:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.2.3
cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.2.4
cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-0421

EPSS FAQ

2.46%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 84 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-0421

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2004-0421

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2004-0421

http://marc.info/?l=bugtraq&m=108335030208523&w=2

'TSLSA-2004-0025 - multi' - MARC
Mailing List

CVEs referencing this url
http://marc.info/?l=fedora-announce-list&m=108451353608968&w=2

'[SECURITY] Fedora Core 1 Update: libpng10-1.0.13-11' - MARC
Mailing List
http://marc.info/?l=bugtraq&m=108334922320309&w=2

'[OpenPKG-SA-2004.017] OpenPKG Security Advisory (png)' - MARC
Mailing List
http://www.mandriva.com/security/advisories?name=MDKSA-2006:212

Advisories - Mandriva Linux
Third Party Advisory

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2004:040

Advisories - Mandriva Linux
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16022

libpng PNG image denial of service CVE-2004-0421 Vulnerability Report
Broken Link;VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710

404 Not Found
Broken Link
http://www.debian.org/security/2004/dsa-498

Debian -- The Universal Operating System
Broken Link
http://www.redhat.com/support/errata/RHSA-2004-180.html

Support
Broken Link;Patch;Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2004-181.html

Support
Broken Link
http://secunia.com/advisories/22958

About Secunia Research | Flexera
Broken Link

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2006:213

Advisories - Mandriva Linux
Third Party Advisory

CVEs referencing this url
http://marc.info/?l=fedora-announce-list&m=108451350029261&w=2

'[SECURITY] Fedora Core 1 Update: libpng-1.2.2-20' - MARC
Mailing List
http://secunia.com/advisories/22957

About Secunia Research | Flexera
Broken Link

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971

404 Not Found
Broken Link
http://lists.apple.com/mhonarc/security-announce/msg00056.html

Broken Link

CVEs referencing this url
http://www.securityfocus.com/bid/10244

Broken Link;Patch;Third Party Advisory;VDB Entry;Vendor Advisory

Jump to

Vulnerability Details : CVE-2004-0421

Products affected by CVE-2004-0421

Exploit prediction scoring system (EPSS) score for CVE-2004-0421

CVSS scores for CVE-2004-0421

CWE ids for CVE-2004-0421

References for CVE-2004-0421