PT-2004-1047 · Libpng · Libpng

Published: 2004-08-05 · Updated: 2018-10-12 · CVE-2004-0597

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libpng versions 1.2.5 and earlier
libpng version 1.0.6

Description

libpng contains multiple buffer overflows that remote attackers can exploit via malformed PNG images. Specifically, the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, and the png_handle_sBIT and png_handle_hIST functions do not perform sufficient bounds checking. This can lead to the execution of arbitrary code. The vulnerability can be exploited remotely, potentially disrupting the confidentiality, integrity, and availability of protected information.

Recommendations

For libpng versions 1.2.5 and earlier, update to a version later than 1.2.5 to resolve the issue. For libpng version 1.0.6, update to a version later than 1.0.6 to resolve the issue. As a temporary workaround, consider restricting the use of libpng until a patch is available. Avoid using the png_handle_tRNS, png_handle_sBIT, and png_handle_hIST functions with untrusted PNG images until the issue is resolved.
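An added example, not part of this advisory and not libpng's own code: a Python pre-screen that walks a PNG's chunks and flags tRNS, sBIT and hIST chunks whose declared length breaks the limits in the PNG specification, the kind of length validation the description says was missing. The function names and the zero-filled sample files are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
SBIT_LEN = {0: 1, 2: 3, 3: 3, 4: 2, 6: 4}  # exact sBIT size per IHDR colour type
TRNS_FIXED = {0: 2, 2: 6}  # tRNS size for grey / truecolour; types 4 and 6 forbid it

def length_ok(name, length, colour, palette):
    """Check a chunk length against the PNG specification's limit for it."""
    if name == b"sBIT":
        return SBIT_LEN.get(colour) == length
    if name == b"hIST":  # one 16-bit count per palette entry
        return palette > 0 and length == 2 * palette
    if colour == 3:  # tRNS on a palette image: at most one alpha byte per entry
        return length <= palette
    return TRNS_FIXED.get(colour) == length

def audit_png(buf):
    """Return [(chunk, declared_length)] for every length that breaks the rules."""
    if not buf.startswith(PNG_SIG):
        return [("signature", 0)]
    bad, pos, colour, palette = [], len(PNG_SIG), None, 0
    while pos + 8 <= len(buf):
        length, name = struct.unpack_from(">I4s", buf, pos)
        if pos + 12 + length > len(buf):  # length field points past end of file
            bad.append((name.decode("latin-1"), length))
            break
        if name == b"IHDR" and length == 13:
            colour = buf[pos + 8 + 9]  # colour type is byte 9 of the IHDR data
        elif name == b"PLTE":
            palette = length // 3
        elif name in (b"tRNS", b"sBIT", b"hIST"):
            if not length_ok(name, length, colour, palette):
                bad.append((name.decode("latin-1"), length))
        pos += 12 + length  # length + type + data + CRC
    return bad

def chunk(name, data):
    """Serialize one chunk (used only to build the constructed samples)."""
    crc = zlib.crc32(name + data)
    return struct.pack(">I", len(data)) + name + data + struct.pack(">I", crc)

def sample_png(colour, palette_entries, name, length):
    """Constructed input: IHDR, optional PLTE, one zero-filled chunk, IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, colour, 0, 0, 0)
    body = chunk(b"IHDR", ihdr)
    if palette_entries:
        body += chunk(b"PLTE", bytes(3 * palette_entries))
    return PNG_SIG + body + chunk(name, bytes(length)) + chunk(b"IEND", b"")
```

A screen like this can quarantine suspect files in front of an unpatched decoder; it does not replace updating libpng.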

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-04800
BDU:2015-10121
CVE-2004-0597
DSA-536
RHSA-2004:402

Affected Products

Libpng