Executive Summary

Informations
Name	CVE-2004-0598	First vendor Publication	2004-11-23
Vendor	Cve	Last vendor Modification	2010-08-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0598

OVAL Definitions

 

Definition Id: oval:org.mitre.oval:def:2572
Oval ID:	oval:org.mitre.oval:def:2572
Title:	DoS Vulnerability in libpng function png_handle_iCCP()
Description:	The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-0598	Version:	1
Platform(s):	Sun Solaris 7	Product(s):	libpng
Definition Synopsis:
Solaris 7,8,or 9 installed Solaris 8 Installed AND Solaris 7 Installed AND Solaris 9 Installed AND Netscape installed

 

Definition Id: oval:org.mitre.oval:def:10203
Oval ID:	oval:org.mitre.oval:def:10203
Title:	The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.
Description:	The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-0598	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3	Product(s):
Definition Synopsis:
RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section libpng10-devel is earlier than 0:1.0.13-15 AND libpng-devel is earlier than 2:1.2.2-25 AND libpng is earlier than 2:1.2.2-25 AND libpng10 is earlier than 0:1.0.13-15

CPE : Common Platform Enumeration

Type	Description	Count
Application	Greg Roelofs Libpng cpe:/a:greg_roelofs:libpng:1.2.5	1

Open Source Vulnerability Database (OSVDB)

id	Description
8313	libpng png_handle_iCCP() Function NULL Pointer Dereference DoS

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/10857
BUGTRAQ	http://marc.theaimsgroup.com/?l=bugtraq&m=109163866717909&w=2
CERT	http://www.us-cert.gov/cas/techalerts/TA04-217A.html
CERT-VN	http://www.kb.cert.org/vuls/id/236656
CONECTIVA	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000856
CONFIRM	http://www.mozilla.org/projects/security/known-vulnerabilities.html
DEBIAN	http://www.debian.org/security/2004/dsa-536
FEDORA	https://bugzilla.fedora.us/show_bug.cgi?id=1943
GENTOO	http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml
HP	http://marc.theaimsgroup.com/?l=bugtraq&m=109181639602978&w=2
MANDRAKE	http://www.mandriva.com/security/advisories?name=MDKSA-2004:079
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDKSA-2006:212 http://www.mandriva.com/security/advisories?name=MDKSA-2006:213
MISC	http://scary.beasts.org/security/CESA-2004-001.txt
REDHAT	http://www.redhat.com/support/errata/RHSA-2004-402.html http://www.redhat.com/support/errata/RHSA-2004-429.html
SCO	http://marc.theaimsgroup.com/?l=bugtraq&m=109761239318458&w=2
SECUNIA	http://secunia.com/advisories/22957 http://secunia.com/advisories/22958
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1
SUSE	http://www.novell.com/linux/security/advisories/2004_23_libpng.html
TRUSTIX	http://www.trustix.net/errata/2004/0040/
XF	http://xforce.iss.net/xforce/xfdb/16895

Alert History

Date	Informations
2013-05-11 11:42:07	Multiple Updates