CVE-2008-3964 : Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0be

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.

Published 2008-09-11 01:13:48

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2008-3964

Libpng » Libpng
Versions before (<) 1.2.32
cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta1
cpe:2.3:a:libpng:libpng:1.4.0:beta1:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta10
cpe:2.3:a:libpng:libpng:1.4.0:beta10:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta11
cpe:2.3:a:libpng:libpng:1.4.0:beta11:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta12
cpe:2.3:a:libpng:libpng:1.4.0:beta12:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta13
cpe:2.3:a:libpng:libpng:1.4.0:beta13:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta14
cpe:2.3:a:libpng:libpng:1.4.0:beta14:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta15
cpe:2.3:a:libpng:libpng:1.4.0:beta15:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta16
cpe:2.3:a:libpng:libpng:1.4.0:beta16:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta17
cpe:2.3:a:libpng:libpng:1.4.0:beta17:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta18
cpe:2.3:a:libpng:libpng:1.4.0:beta18:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta19
cpe:2.3:a:libpng:libpng:1.4.0:beta19:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta2
cpe:2.3:a:libpng:libpng:1.4.0:beta2:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta20
cpe:2.3:a:libpng:libpng:1.4.0:beta20:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta21
cpe:2.3:a:libpng:libpng:1.4.0:beta21:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta22
cpe:2.3:a:libpng:libpng:1.4.0:beta22:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta23
cpe:2.3:a:libpng:libpng:1.4.0:beta23:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta24
cpe:2.3:a:libpng:libpng:1.4.0:beta24:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta25
cpe:2.3:a:libpng:libpng:1.4.0:beta25:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta26
cpe:2.3:a:libpng:libpng:1.4.0:beta26:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta27
cpe:2.3:a:libpng:libpng:1.4.0:beta27:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta28
cpe:2.3:a:libpng:libpng:1.4.0:beta28:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta29
cpe:2.3:a:libpng:libpng:1.4.0:beta29:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta3
cpe:2.3:a:libpng:libpng:1.4.0:beta3:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta30
cpe:2.3:a:libpng:libpng:1.4.0:beta30:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta31
cpe:2.3:a:libpng:libpng:1.4.0:beta31:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta32
cpe:2.3:a:libpng:libpng:1.4.0:beta32:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta33
cpe:2.3:a:libpng:libpng:1.4.0:beta33:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta4
cpe:2.3:a:libpng:libpng:1.4.0:beta4:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta5
cpe:2.3:a:libpng:libpng:1.4.0:beta5:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta6
cpe:2.3:a:libpng:libpng:1.4.0:beta6:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta7
cpe:2.3:a:libpng:libpng:1.4.0:beta7:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta8
cpe:2.3:a:libpng:libpng:1.4.0:beta8:*:*:*:*:*:*
Matching versions
Libpng » Libpng » Version: 1.4.0 Update Beta9
cpe:2.3:a:libpng:libpng:1.4.0:beta9:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-3964

EPSS FAQ

1.68%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 81 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-3964

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2008-3964

CWE-193 Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2008-3964

Red Hat 2017-08-07

Not vulnerable. These issues did not affect the versions of libpng as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

References for CVE-2008-3964

http://www.vupen.com/english/advisories/2009/1462

Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Permissions Required

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2008/09/09/8

Mailing List;Third Party Advisory
http://security.gentoo.org/glsa/glsa-200812-15.xml

Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/31781

Third Party Advisory
http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517

Product;Third Party Advisory
http://sourceforge.net/project/shownotes.php?release_id=624518

Broken Link;Patch
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm

ASA-2009-208 (SUN 259989)
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/33137

Third Party Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/2512

Permissions Required
http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com&forum_name=png-mng-implement

Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:051

Mandriva
Broken Link

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1

Broken Link

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/44928

Third Party Advisory;VDB Entry
http://www.vupen.com/english/advisories/2009/1560

Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Permissions Required

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2008/09/09/3

Mailing List;Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1

Broken Link

CVEs referencing this url
http://www.securityfocus.com/bid/31049

Third Party Advisory;VDB Entry
http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624

Exploit;Third Party Advisory
http://secunia.com/advisories/35302

About Secunia Research | Flexera
Third Party Advisory

CVEs referencing this url
http://www.kb.cert.org/vuls/id/889484

Third Party Advisory;US Government Resource
http://secunia.com/advisories/35386

About Secunia Research | Flexera
Third Party Advisory

CVEs referencing this url