CVE-2004-0599 — Vulnetix

CVE-2004-0599 PUBLISHED CVSS 5 MEDIUM

Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.

EPSS 32.42% · 97.0th percentile

Risk Scores

CVSS 2.0

EPSS Score

32.42%

97.0th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
greg_roelofs	libpng	0

Exploit Intelligence

FILE-IMAGE Microsoft Multiple Products PNG large image height download attempt [disabled] (vulnetix)
FILE-IMAGE Microsoft Multiple Products PNG large image height download attempt [disabled] (community-snort)
FILE-IMAGE Microsoft Multiple Products PNG large image height download attempt [disabled] (community-snort)
APPLE-SA-2004-09-09 (circl)
DSA-570 (circl)
oval:org.mitre.oval:def:1479 (circl)
SCOSA-2005.49 (circl)
RHSA-2004:421 (circl)
SSRT4778 (circl)
GLSA-200408-22 (circl)

…and 30 more exploits

Timeline

CVE Published
Sep 23, 2010 PoC Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Apr 3, 2023 EPSS Score
Jul 13, 2023 EPSS Score
Jul 17, 2023 EPSS Score

References

2004-0040 vendor-advisory
VU#477512 third-party-advisory
200663 vendor-advisory
http://www.mozilla.org/projects/security/known-vulnerabilities.html url
oval:org.mitre.oval:def:1479 vdb
SCOSA-2005.49 vendor-advisory
RHSA-2004:421 vendor-advisory
RHSA-2004:402 vendor-advisory
GLSA-200408-22 vendor-advisory
22958 third-party-advisory
FLSA:2089 vendor-advisory
FLSA:1943 vendor-advisory
lilbpng-integer-bo(16896) vdb
SCOSA-2004.16 vendor-advisory
http://scary.beasts.org/security/CESA-2004-001.txt url
RHSA-2004:429 vendor-advisory
15495 vdb
DSA-536 vendor-advisory
oval:org.mitre.oval:def:10938 vdb
APPLE-SA-2004-09-09 vendor-advisory

…and 17 more

Open in Interactive Console →