CVE-2008-3964 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-3964
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-3964

Description: Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/44928 SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 SAID Secunia Advisory: SA31781 Secunia Advisory: SA35386 Secunia Advisory: SA35302 Secunia Advisory: SA33137 MLIST http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com&forum_name=png-mng-implement http://www.openwall.com/lists/oss-security/2008/09/09/8 http://www.openwall.com/lists/oss-security/2008/09/09/3 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2009:051 GENTOO http://security.gentoo.org/glsa/glsa-200812-15.xml CONFIRM http://sourceforge.net/project/shownotes.php?release_id=624518 http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517 http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624 CERT-VN 889484 BID 31049

Return to the previous page.