PT-2002-1065 · Libpng · Libpng
Published: 2002-07-26 · Updated: 2008-09-05 · CVE-2002-0728
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
libpng versions 1.0.x before 1.0.14
libpng versions 1.2.x before 1.2.4
Description
The issue affects the libpng package, allowing remote exploitation that may lead to a violation of confidentiality, integrity, and availability of protected information. A buffer overflow in the progressive reader for libpng can be triggered by a PNG data stream with more IDAT data than indicated by the IHDR chunk, causing a denial of service (crash).
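The condition in the description can be checked before a file reaches a decoder. The following is an added example, not code from this advisory or from libpng: it compares the inflated IDAT size with the size implied by IHDR, and goes beyond the text by also handling Adam7-interlaced images. The names `expected_size`, `idat_exceeds_ihdr` and `sample` are hypothetical, and the sample image is constructed.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # samples per pixel by colour type
ADAM7 = [(0, 0, 8, 8), (4, 0, 8, 8), (0, 4, 4, 8), (2, 0, 4, 4),
         (0, 2, 2, 4), (1, 0, 2, 2), (0, 1, 1, 2)]  # x0, y0, dx, dy per pass

def expected_size(w, h, depth, colour, interlace):
    """Bytes of filtered scanline data that the IHDR fields promise."""
    bpp = CHANNELS[colour] * depth
    row = lambda px: 1 + (px * bpp + 7) // 8  # filter byte + packed pixels
    if not interlace:
        return h * row(w)
    total = 0
    for x0, y0, dx, dy in ADAM7:
        pw, ph = (w - x0 + dx - 1) // dx, (h - y0 + dy - 1) // dy
        if pw > 0 and ph > 0:  # empty passes contribute no bytes
            total += ph * row(pw)
    return total

def idat_exceeds_ihdr(data):
    """True if the IDAT stream inflates to more bytes than IHDR declares."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos, ihdr, idat = 8, None, b""
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if ctype == b"IHDR":
            ihdr = struct.unpack(">IIBBBBB", body)
        elif ctype == b"IDAT":
            idat += body  # IDAT chunks form one continuous zlib stream
        pos += 12 + length  # length + type + data + CRC
    if ihdr is None:
        raise ValueError("missing IHDR")
    w, h, depth, colour, _, _, interlace = ihdr
    limit = expected_size(w, h, depth, colour, interlace)
    # Bounded inflate: stop one byte past the limit so memory use stays small.
    out = zlib.decompressobj().decompress(idat, limit + 1)
    return len(out) > limit

def _chunk(t, body):
    return struct.pack(">I", len(body)) + t + body + struct.pack(">I", zlib.crc32(t + body))

def sample(rows_declared, rows_sent):
    """Constructed 2-pixel-wide, 8-bit greyscale PNG for exercising the check."""
    ihdr = struct.pack(">IIBBBBB", 2, rows_declared, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x10\x20" * rows_sent)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")
```

A file for which `idat_exceeds_ihdr` returns `True` can be rejected or quarantined before it is handed to an unpatched decoder.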
Recommendations
For libpng versions 1.0.x before 1.0.14, update to version 1.0.14 or later to resolve the issue.
For libpng versions 1.2.x before 1.2.4, update to version 1.2.4 or later to resolve the issue.
As a temporary workaround, consider restricting the use of libpng until a patch is available.
Fix
Related identifiers
Affected products
Libpng