VDB
CVE-2008-3964
CVE-2008-3964
PUBLISHED
CVSS 8.699999809265137 HIGH
Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.
EPSS 1.71% · 82.7th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
1.71%
82.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| libpng | libpng | 1.4.0, 1.4.0, 1.4.0 |
| n/a | n/a | n/a |
Exploit Intelligence
- http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517 (circl)
- [oss-security] 20080909 CVE request (libpng) (circl)
- 35386 (circl)
- 1020521 (circl)
- libpng-pngpushreadztxt-dos(44928) (circl)
- ADV-2009-1560 (circl)
- ADV-2009-1462 (circl)
- 31049 (circl)
- 259989 (circl)
- 35302 (circl)
…and 11 more exploits
Timeline
- Sep 10, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517 url
- [oss-security] 20080909 CVE request (libpng) mailing-list
- 35386 third-party-advisory
- 1020521 vendor-advisory
- libpng-pngpushreadztxt-dos(44928) vdb
- ADV-2009-1560 vdb
- ADV-2009-1462 vdb
- 31049 vdb
- 259989 vendor-advisory
- 35302 third-party-advisory
- [oss-security] 20080909 Re: CVE request (libpng) mailing-list
- VU#889484 third-party-advisory
- ADV-2008-2512 vdb
- GLSA-200812-15 vendor-advisory
- 31781 third-party-advisory
- 33137 third-party-advisory
- [png-mng-implement] 20080918 libpng-1.0.40 and libpng-1.2.32 available mailing-list
- http://sourceforge.net/project/shownotes.php?release_id=624518 url
- http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm url
- MDVSA-2009:051 vendor-advisory
…and 2 more