Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0597

10 documents6 sources

Severity

10.0CRITICAL

EPSS

83.2%

top 0.73%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Greg Roelofs Libpng Microsoft MSN Messenger Microsoft Windows Media Player +1 more

Timeline

PublishedNov 23

Latest updateMay 3

Description

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDgreg_roelofs/libpng1.2.5

▶NVDmicrosoft/msn_messenger6.1, 6.2+1

▶NVDmicrosoft/windows_messenger5.0

▶NVDmicrosoft/windows_media_player9

Patches

Patch: www.adobe.com ↗Patch: www.debian.org ↗Patch: www.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-pjf2-ggxp-rg8p: Multiple buffer overflows in libpng 1↗2022-05-03

▶

CVEList

CVE-2004-0597: Multiple buffer overflows in libpng 1↗2004-08-05

▶

💥Exploits & PoCs

Exploit-DB

Microsoft MSN Messenger 6.2.0137 - '.png' Remote Buffer Overflow↗2005-02-08

▶

Exploit-DB

LibPNG 1.2.5 - 'png_jmpbuf()' Local Buffer Overflow↗2004-08-13

▶

Exploit-DB

LibPNG Graphics Library - Remote Buffer Overflow↗2004-08-11

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-08-04

▶

💬Community

Bugzilla

CVE-2004-0597 security flaw↗2018-08-16

▶

Bugzilla

CAN-2004-0597/98/99 multiple problems in libpng 1.2.5↗2004-07-14

▶

Bugzilla

CAN-2004-0597/98/99 multiple problems in libpng 1.2.5↗2004-07-14

▶