CVE-2004-0421

CWE-125 — Out-of-bounds Read12 documents5 sources

Severity

5.0MEDIUM

EPSS

3.3%

top 12.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libpng Libpng Openpkg Openpkg Redhat Enterprise Linux +3 more

Timeline

PublishedAug 18

Latest updateApr 29

Description

The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDlibpng/libpng17 versions+16

▶NVDredhat/libpng1.2.2-16, 1.2.2-20+1

▶NVDopenpkg/openpkg1.3, 2.0+1

▶NVDtrustix/secure_linux2.0, 2.1+1

▶NVDredhat/enterprise_linux_desktop3.0

Also affects: Enterprise Linux 2.1, 3.0

Patches

Patch: www.redhat.com ↗Patch: www.securityfocus.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-f6gc-489h-x492: The Portable Network Graphics library (libpng) 1↗2022-04-29

▶

CVEList

CVE-2004-0421: The Portable Network Graphics library (libpng) 1↗2004-05-05

▶

📋Vendor Advisories

Red Hat

libpng: regression of CVE-2004-0421 in 1.2.23+↗2011-06-07

▶

Red Hat

CAN-2004-0421 libpng can access out of bounds memory↗2004-04-29

▶

💬Community

Bugzilla

CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [fedora-all]↗2011-06-29

▶

Bugzilla

CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [fedora-all]↗2011-06-29

▶

Bugzilla

CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [fedora-all]↗2011-06-29

▶

Bugzilla

CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [epel-5]↗2011-06-29

▶

Bugzilla

CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [epel-6]↗2011-06-29

▶