PT-2002-1064 · Libpng · Libpng3+1

Published

2002-08-10

Updated

2016-12-08

CVE-2002-0660

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions libpng versions 1.0.12 through 1.0.14 libpng3 version 1.2.1-1.1.woody.2

Description The issue allows attackers to cause a denial of service and possibly execute arbitrary code. Exploitation of the vulnerabilities may lead to a breach of confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely.

Recommendations For libpng versions 1.0.12 through 1.0.14, update to a version that contains a fix for this issue. For libpng3 version 1.2.1-1.1.woody.2, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to libpng functions until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-08153

BDU:2015-08154

CVE-2002-0660

DSA-140

Affected Products

Libpng

Libpng3

PT-2002-1064 · Libpng · Libpng3+1

CVE-2002-0660

Related Identifiers

Affected Products

References · 7