CVE Database

CVE-2004-0597

Impact: Critical
Public: 2004-08-04

Details

The MITRE CVE dictionary describes this issue as:

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.

Find out more about CVE-2004-0597 from the MITRE CVE dictionary and NIST NVD.

Red Hat security errata

Platform                                          Errata          Release Date
Red Hat Enterprise Linux 2.1                      RHSA-2004:429   August 18, 2004
Red Hat Enterprise Linux version 2.1 (libpng)     RHSA-2004:402   August 04, 2004
Red Hat Enterprise Linux version 3                RHSA-2004:402   August 04, 2004
Red Hat Enterprise Linux version 3 (mozilla)      RHSA-2004:421   August 04, 2004
Red Hat Linux Advanced Workstation 2.1 (galeon)   RHSA-2004:421   August 04, 2004

Acknowledgements

Red Hat would like to thank Chris Evans for discovering these issues.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.