CVE-2008-3964

Published Sep 11, 2008

Last updated a month ago

CVSS info 4.3

Overview

Description: Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-193

Hype score: Not currently trending

Vendor comments

Red HatNot vulnerable. These issues did not affect the versions of libpng as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F293C5F-122C-49DA-880A-BA95EE79A42A",
            "versionEndExcluding": "1.2.32"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F44C0B27-5D6D-41E4-8EA9-F6F88D347C44"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE5DEC4E-76F7-486C-B4E0-F3D88695A9E6"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC4807AA-BCD3-45D0-9C1D-4B8AD878B327"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F257A4AC-6B13-4D67-B168-AD5BF28962DB"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11DDEF8A-B308-46A2-B368-C46688C3E54B"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3426A085-E295-47A5-8D2F-C55451EB89BA"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74E87513-DA93-4AE0-89FB-08902997810A"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97187A00-2680-45AA-AAE7-F16DD01957AF"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14A3D8E7-AE1E-4D4E-9B9F-98CC50AF984C"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta18:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C517B08-4D43-457D-BD00-6920CF2924B3"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta19:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7FC9A8E-0CE8-4B9F-AFFF-D8AFC16013AD"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68658B69-A70B-4982-8E14-57202F8DA03C"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CD59594-E67B-460E-A8A7-1A2A57187050"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta21:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52510ECE-10CB-4F8B-827E-8DB1784EA1CC"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta22:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EF398FE-E664-460A-9B21-4B0C454A053F"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta23:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89799F7C-B866-4647-8A56-302F1E006506"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta24:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E43A4742-A419-49FA-9F60-F6E77E4D2870"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta25:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4880A92D-3A86-451C-8995-54068FBB1B0D"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta26:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7B88A47-4E4C-49E6-978C-468530C87C43"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta27:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "336375B9-8B1C-46F1-A512-4EE631A1E18F"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta28:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7229CC7-A325-4C68-BD76-BEE198E09F0D"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta29:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43803CBE-A2F4-40EC-97EB-63526240D5DE"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F0F7323-986F-4E3A-AA8C-BDBFA2B53F05"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta30:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "626FEAE3-ABDE-4E50-9549-6C2D4415EF5E"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta31:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF5EE51D-586A-4454-B746-8A18FFA84005"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta32:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCF71D7A-5B9B-4973-9143-D3625383A3F5"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta33:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6129A9F4-343E-4DCB-B252-DA0744A7C5BE"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D4C2F83-2302-43B3-8DB7-EA4DD7D75283"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C88C4762-4EBE-442D-9154-89EFD8654409"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E512280-AC4B-401D-A499-A460AD1F2C99"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76C52B6B-9CCB-458C-ABF9-5E334ABB107B"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84EE5F48-E15F-4CE9-84F3-9859F72D9651"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35B244AD-138C-406D-99F4-E33BDF87BFA8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References