CVE-2004-0768

Description

libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.

Affected products

• greg_roelofs / libpng31.2.0 – 1.2.0
• greg_roelofs / libpng31.2.1 – 1.2.1
• greg_roelofs / libpng31.2.2 – 1.2.2
• greg_roelofs / libpng31.2.3 – 1.2.3
• greg_roelofs / libpng31.2.4 – 1.2.4
• greg_roelofs / libpng31.2.5 – 1.2.5

References

• MISChttps://bugzilla.fedora.us/show_bug.cgi?id=1943
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-536
• MISChttp://security.gentoo.org/glsa/glsa-200812-15.xml
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/16914
• VENDOR_ADVISORYhttp://secunia.com/advisories/33137