CVE-2004-0597

Impact:
Critical
Public Date:
2004-08-04

The MITRE CVE dictionary describes this issue as:

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.

Find out more about CVE-2004-0597 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 2.1 RHSA-2004:429 2004-08-18
Red Hat Enterprise Linux version 2.1 (libpng) RHSA-2004:402 2004-08-04
Red Hat Enterprise Linux version 3 (mozilla) RHSA-2004:421 2004-08-04
Red Hat Linux Advanced Workstation 2.1 (galeon) RHSA-2004:421 2004-08-04
Red Hat Enterprise Linux version 3 RHSA-2004:402 2004-08-04

Affected Packages State

Platform Package State
Red Hat Enterprise Linux version 3 libpng 1.2.2-25 Fixed
Red Hat Enterprise Linux version 3 libpng10 1.0.13-15 Fixed

Acknowledgements

Red Hat would like to thank Chris Evans for discovering these issues.