CVE-2004-0597

libpng <1.2.5 - RCE

Title source: llm

Description

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.

Exploits (3)

exploitdb WORKING POC VERIFIED

by ATmaCA · cremotewindows

https://www.exploit-db.com/exploits/25094

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by anonymous · clocallinux

https://www.exploit-db.com/exploits/393

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by infamous41md · cremotelinux

https://www.exploit-db.com/exploits/389

View Code ZIP pw:eip

References (42)

[Various Sources] ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

[Mailing List] http://lists.apple.com/mhonarc/security-announce/msg00056.html

[Mailing List] http://marc.info/?l=bugtraq&m=109163866717909&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=109181639602978&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=109761239318458&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=109900315219363&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=110796779903455&w=2

[Exploit, Vendor Advisory] http://scary.beasts.org/security/CESA-2004-001.txt

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1

[Patch] http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679

[Various Sources] http://www.coresecurity.com/common/showdoc.php?idx=421&idxseccion=10

[Patch, Vendor Advisory] http://www.debian.org/security/2004/dsa-536

[Patch, Vendor Advisory] http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml

[Patch, Vendor Advisory] http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/388984

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/817368

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2004:079

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2006:212

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2006:213

... and 22 more

Scores

EPSS 0.8321

EPSS Percentile 99.3%

Details

Status published

Products (7)

greg_roelofs/libpng < 1.2.5

microsoft/msn_messenger 6.1

microsoft/msn_messenger 6.2

microsoft/windows_98se

microsoft/windows_me

microsoft/windows_media_player 9

microsoft/windows_messenger 5.0

Published Nov 23, 2004

Tracked Since Feb 18, 2026