PT-2004-1049 · Libpng · Libpng

Chris Evans · Published 2004-08-05 · Updated 2017-10-11 · CVE-2004-0599

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libpng versions 1.2.5 and earlier

Description

The issue concerns multiple integer overflows in libpng, specifically in the png_read_png function, the png_handle_sPLT function, and the progressive display image reading capability. These overflows can be exploited remotely via a malformed PNG image, potentially leading to a denial of service (application crash) and compromising the confidentiality, integrity, and availability of protected information.

Recommendations

For libpng versions 1.2.5 and earlier, consider updating to a version that addresses these integer overflows to prevent potential crashes and information compromise. As a temporary workaround, restrict the handling of PNG images from untrusted sources to minimize the risk of exploitation.

Exploit

Fix


Related Identifiers

BDU:2015-04800
CVE-2004-0599
DSA-536
DSA-570-1
DSA-571-1
RHSA-2004:402

Affected Products

Libpng