CVE-2004-0421 — Vulnetix

Try Vulnetix Request Demo

CVE-2004-0421 PUBLISHED CVSS 5 MEDIUM

The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

EPSS 3.31% · 87.1th percentile

Risk Scores

CVSS v2.0

5

EPSS Score

3.31%

87.1th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
redhat	enterprise_linux	2.1, 3.0
trustix	secure_linux	2.1, 2.0
redhat	enterprise_linux_desktop	3.0
redhat	libpng	1.2.2-20, 1.2.2-16
libpng	libpng	1.0.11, 1.0.12, 1.0.13
openpkg	openpkg	2.0, 1.3

Timeline

May 5, 2004 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Aug 31, 2023 EPSS Score
Oct 22, 2023 EPSS Score
Dec 13, 2023 EPSS Score

References

FEDORA-2004-106 vendor-advisory
20040429 [OpenPKG-SA-2004.017] OpenPKG Security Advisory (png) mailing-list
oval:org.mitre.oval:def:971 vdb
DSA-498 vendor-advisory
oval:org.mitre.oval:def:11710 vdb
MDKSA-2004:040 vendor-advisory
22958 third-party-advisory
libpng-png-dos(16022) vdb
APPLE-SA-2004-09-09 vendor-advisory
10244 vdb
FEDORA-2004-105 vendor-advisory
MDKSA-2006:213 vendor-advisory
RHSA-2004:180 vendor-advisory
MDKSA-2006:212 vendor-advisory
2004-0025 vendor-advisory
RHSA-2004:181 vendor-advisory
22957 third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2004-0421 advisory

Open in Interactive Console →