Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2004-0421

The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

Published

2004-08-18T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-125
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application libpng libpng 1.0.0 Yes
Application libpng libpng 1.0.5 Yes
Application libpng libpng 1.0.6 Yes
Application libpng libpng 1.0.7 Yes
Application libpng libpng 1.0.8 Yes
Application libpng libpng 1.0.9 Yes
Application libpng libpng 1.0.10 Yes
Application libpng libpng 1.0.11 Yes
Application libpng libpng 1.0.12 Yes
Application libpng libpng 1.0.13 Yes
Application libpng libpng 1.0.14 Yes
Application libpng libpng 1.2.0 Yes
Application libpng libpng 1.2.1 Yes
Application libpng libpng 1.2.2 Yes
Application libpng libpng 1.2.3 Yes
Application libpng libpng 1.2.4 Yes
Application libpng libpng 1.2.5 Yes
Application openpkg openpkg 1.3 Yes
Application openpkg openpkg 2.0 Yes
Application redhat libpng 1.2.2-16 Yes
Application redhat libpng 1.2.2-20 Yes
Operating System redhat enterprise_linux 2.1 Yes
Operating System redhat enterprise_linux 3.0 Yes
Operating System redhat enterprise_linux_desktop 3.0 Yes
Operating System trustix secure_linux 2.0 Yes
Operating System trustix secure_linux 2.1 Yes
References