CVE-2008-3964
Published Sep 11, 2008
Last updated 3 years ago
Overview
- Description
- Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- CWE-193
Vendor comments
- Red HatNot vulnerable. These issues did not affect the versions of libpng as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F293C5F-122C-49DA-880A-BA95EE79A42A",
"versionEndExcluding": "1.2.32"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F44C0B27-5D6D-41E4-8EA9-F6F88D347C44"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE5DEC4E-76F7-486C-B4E0-F3D88695A9E6"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC4807AA-BCD3-45D0-9C1D-4B8AD878B327"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F257A4AC-6B13-4D67-B168-AD5BF28962DB"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11DDEF8A-B308-46A2-B368-C46688C3E54B"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3426A085-E295-47A5-8D2F-C55451EB89BA"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "74E87513-DA93-4AE0-89FB-08902997810A"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97187A00-2680-45AA-AAE7-F16DD01957AF"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta17:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "14A3D8E7-AE1E-4D4E-9B9F-98CC50AF984C"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C517B08-4D43-457D-BD00-6920CF2924B3"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7FC9A8E-0CE8-4B9F-AFFF-D8AFC16013AD"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68658B69-A70B-4982-8E14-57202F8DA03C"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta20:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CD59594-E67B-460E-A8A7-1A2A57187050"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta21:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52510ECE-10CB-4F8B-827E-8DB1784EA1CC"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta22:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1EF398FE-E664-460A-9B21-4B0C454A053F"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta23:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "89799F7C-B866-4647-8A56-302F1E006506"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta24:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E43A4742-A419-49FA-9F60-F6E77E4D2870"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta25:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4880A92D-3A86-451C-8995-54068FBB1B0D"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta26:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7B88A47-4E4C-49E6-978C-468530C87C43"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta27:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "336375B9-8B1C-46F1-A512-4EE631A1E18F"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta28:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E7229CC7-A325-4C68-BD76-BEE198E09F0D"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta29:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43803CBE-A2F4-40EC-97EB-63526240D5DE"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F0F7323-986F-4E3A-AA8C-BDBFA2B53F05"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta30:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "626FEAE3-ABDE-4E50-9549-6C2D4415EF5E"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta31:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF5EE51D-586A-4454-B746-8A18FFA84005"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta32:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCF71D7A-5B9B-4973-9143-D3625383A3F5"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta33:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6129A9F4-343E-4DCB-B252-DA0744A7C5BE"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D4C2F83-2302-43B3-8DB7-EA4DD7D75283"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C88C4762-4EBE-442D-9154-89EFD8654409"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E512280-AC4B-401D-A499-A460AD1F2C99"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76C52B6B-9CCB-458C-ABF9-5E334ABB107B"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84EE5F48-E15F-4CE9-84F3-9859F72D9651"
},
{
"criteria": "cpe:2.3:a:libpng:libpng:1.4.0:beta9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "35B244AD-138C-406D-99F4-E33BDF87BFA8"
}
],
"operator": "OR"
}
]
}
]