CVE-2004-0768

libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.

Published: Oct 20, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0768
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
greg_roelofs / libpng3	1.2.3	1.2.3.x
greg_roelofs / libpng3	1.2.5	1.2.5.x
greg_roelofs / libpng3	1.2.4	1.2.4.x
greg_roelofs / libpng3	1.2.1	1.2.1.x
greg_roelofs / libpng3	1.2.2	1.2.2.x
greg_roelofs / libpng3	1.2.0	1.2.0.x

http://secunia.com/advisories/33137
http://security.gentoo.org/glsa/glsa-200812-15.xml
http://www.debian.org/security/2004/dsa-536
https://bugzilla.fedora.us/show_bug.cgi?id=1943
https://exchange.xforce.ibmcloud.com/vulnerabilities/16914

Vulnerability Database

290,278

CVE-2004-0768