CVE-2008-3964 — Vulnetix

Try Vulnetix Request Demo

CVE-2008-3964 PUBLISHED CVSS 8.699999809265137 HIGH

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.

EPSS 1.71% · 82.2th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

1.71%

82.2th percentile

Affected Products

Vendor	Product	Versions
libpng	libpng	1.4.0, 0, 1.4.0
n/a	n/a	n/a

Timeline

Sep 10, 2008 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517 url
[oss-security] 20080909 CVE request (libpng) mailing-list
35386 third-party-advisory
1020521 vendor-advisory
libpng-pngpushreadztxt-dos(44928) vdb
ADV-2009-1560 vdb
ADV-2009-1462 vdb
31049 vdb
259989 vendor-advisory
35302 third-party-advisory
[oss-security] 20080909 Re: CVE request (libpng) mailing-list
VU#889484 third-party-advisory
ADV-2008-2512 vdb
GLSA-200812-15 vendor-advisory
31781 third-party-advisory
33137 third-party-advisory
[png-mng-implement] 20080918 libpng-1.0.40 and libpng-1.2.32 available mailing-list
http://sourceforge.net/project/shownotes.php?release_id=624518 url
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm url
MDVSA-2009:051 vendor-advisory

…and 2 more

Open in Interactive Console →