VDB
CVE-2002-0728
CVE-2002-0728
PUBLISHED
CVSS 5 MEDIUM
Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.
EPSS 0.54% · 68.1th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
0.54%
68.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| greg_roelofs | libpng | 1.0.14, 1.2.4 |
| n/a | n/a | n/a |
Exploit Intelligence
- DSA-140 (circl)
- ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207 (circl)
- RHSA-2002:152 (circl)
- CLA-2002:512 (circl)
- MDKSA-2002:049 (circl)
Timeline
- Jul 26, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 3, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
References
- DSA-140 vendor-advisory
- ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207 url
- RHSA-2002:152 vendor-advisory
- CLA-2002:512 vendor-advisory
- MDKSA-2002:049 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2002-0728 advisory