CVE-2008-3964

Name of the Vulnerable Software and Affected Versions libpng versions prior to 1.2.32beta01 libpng versions 1.4 prior to 1.4.0beta34

Description The issue is related to multiple off-by-one errors in libpng, allowing context-dependent attackers to cause a denial of service or have unspecified other impact via a PNG image with crafted zTXt chunks. This is related to the png push read zTXt function in pngread.c and possibly pngtest.c.

Recommendations For libpng versions prior to 1.2.32beta01, update to version 1.2.32beta01 or later. For libpng versions 1.4 prior to 1.4.0beta34, update to version 1.4.0beta34 or later. As a temporary workaround, consider restricting the use of crafted zTXt chunks in PNG images until a patch is available.