CVE-2004-0421
PUBLISHED
CVSS 5 MEDIUM
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
EPSS 3.31% · 87.5th percentile
Risk Scores
- CVSS 2.0: 5
- EPSS Score: 3.31% (87.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | enterprise_linux | 3.0, 2.1 |
| trustix | secure_linux | 2.1, 2.0 |
| redhat | enterprise_linux_desktop | 3.0 |
| redhat | libpng | 1.2.2-16, 1.2.2-20 |
| libpng | libpng | 1.0.9, 1.0.11, 1.0.13 |
| openpkg | openpkg | 1.3, 2.0 |
Timeline
- May 5, 2004 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
References
- FEDORA-2004-106 vendor-advisory
- 20040429 [OpenPKG-SA-2004.017] OpenPKG Security Advisory (png) mailing-list
- oval:org.mitre.oval:def:971 vdb
- DSA-498 vendor-advisory
- oval:org.mitre.oval:def:11710 vdb
- MDKSA-2004:040 vendor-advisory
- 22958 third-party-advisory
- libpng-png-dos(16022) vdb
- APPLE-SA-2004-09-09 vendor-advisory
- 10244 vdb
- FEDORA-2004-105 vendor-advisory
- MDKSA-2006:213 vendor-advisory
- RHSA-2004:180 vendor-advisory
- MDKSA-2006:212 vendor-advisory
- 2004-0025 vendor-advisory
- RHSA-2004:181 vendor-advisory
- 22957 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2004-0421 advisory