Описание
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 14.0.835.202~r103287-0ubuntu1 |
| hardy | DNE | |
| lucid | released | 14.0.835.202~r103287-0ubuntu0.10.04.2 |
| maverick | released | 14.0.835.202~r103287-0ubuntu0.10.10.1 |
| natty | released | 14.0.835.202~r103287-0ubuntu0.11.04.1 |
| oneiric | released | 14.0.835.202~r103287-0ubuntu1 |
| precise | not-affected | 14.0.835.202~r103287-0ubuntu1 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 8.0~b4+build1-0ubuntu2 |
| hardy | ignored | end of life |
| lucid | released | 10.0+build1-0ubuntu0.10.04.2 |
| maverick | ignored | end of life |
| natty | released | 8.0+build1-0ubuntu0.11.04.1 |
| oneiric | released | 8.0+build1-0ubuntu0.11.10.1 |
| precise | released | 8.0~b4+build1-0ubuntu2 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.2.46-3ubuntu1 |
| hardy | not-affected | 1.2.15~beta5-3ubuntu0.3 |
| lucid | released | 1.2.42-1ubuntu2.2 |
| maverick | released | 1.2.44-1ubuntu0.1 |
| natty | released | 1.2.44-1ubuntu3.1 |
| oneiric | not-affected | 1.2.46-3ubuntu1 |
| precise | not-affected | 1.2.46-3ubuntu1 |
| upstream | released | 1.2.44-3 |
Показывать по
4.3 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1. ...
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.
4.3 Medium
CVSS2
6.5 Medium
CVSS3