PT-2004-1081 · Libpng · Libpng

Published: 2004-04-30 · Updated: 2024-02-09 · CVE-2004-0421

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libpng versions 1.0.15 and earlier
libpng versions 1.0.6 and earlier
libpng version 1.2.2

Description

The issue allows attackers to cause a denial of service via a malformed PNG image file, triggering an error that causes an out-of-bounds read when creating the error message. Exploitation can be done remotely. It may also allow execution of arbitrary code using a specially crafted PNG file.

Recommendations

For libpng versions 1.0.15 and earlier, update to a version later than 1.0.15 to resolve the issue.
For libpng versions 1.0.6 and earlier, update to a version later than 1.0.6 to resolve the issue.
For libpng version 1.2.2, update to a version later than 1.2.2 to resolve the issue.

As a temporary workaround, consider restricting the use of libpng until a patch is available. Avoid using libpng to process untrusted PNG image files until the issue is resolved.

Fix

Out of bounds Read

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-07854
BDU:2015-07855
BDU:2015-07856
BDU:2015-07857
BDU:2015-10121
CVE-2004-0421
DSA-498
RHSA-2004:180

Affected Products

Libpng