CVE-2004-0598

Name of the Vulnerable Software and Affected Versions libpng versions 1.2.5 and earlier

Description The issue concerns multiple vulnerabilities in the libpng package of the openSUSE operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, the png handle iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.

Recommendations For libpng versions 1.2.5 and earlier, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, consider restricting the use of libpng until a patch is available.