CVE-2002-1363

Name of the Vulnerable Software and Affected Versions libpng versions 1.0.6 through 1.2.5 libpng version 1.0.14

Description The issue is related to the incorrect calculation of offsets in the libpng library, which can lead to a buffer overflow attack, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via a maliciously crafted PNG file. The vulnerability can be exploited remotely, potentially disrupting the confidentiality, integrity, and availability of protected information.

Recommendations For libpng versions 1.0.6 through 1.2.5, update to a version later than 1.2.5 to resolve the issue. For libpng version 1.0.14, consider disabling the use of libpng until a patch is available. As a temporary workaround, restrict access to PNG files from untrusted sources to minimize the risk of exploitation.