CVE-2008-3964

Advisory lineage Upstream: 0 Downstream: 1
Modified
Published: 10 Sept 2008, 15:00
Last modified:07 Aug 2024, 10:00

Vulnerability Summary

Overall Risk (default)
medium
28/100
CVSS Score
4.3 MEDIUM
v2.0 (nvd)
EPSS Score
1.71% LOW
2% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected

Timeline

10 Sept 2008, 15:00
Published
Vulnerability first disclosed
07 Aug 2024, 10:00
Last Modified
Vulnerability information updated

Description

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.

CVSS Metrics

  • v2.0MEDIUMScore: 4.3AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 1.71% Percentile: 83%

Techniques & Countermeasures

  • CWE-193Off-by-one Error

    A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Affected Systems

  • libpnglibpng

    < 1.2.32 | 1.4.0:beta1 | 1.4.0:beta10 | 1.4.0:beta11 | 1.4.0:beta12 | 1.4.0:beta13 | 1.4.0:beta14 | 1.4.0:beta15 | 1.4.0:beta16 | 1.4.0:beta17 | 1.4.0:beta18 | 1.4.0:beta19 | 1.4.0:beta2 | 1.4.0:beta20 | 1.4.0:beta21 | 1.4.0:beta22 | 1.4.0:beta23 | 1.4.0:beta24 | 1.4.0:beta25 | 1.4.0:beta26 | 1.4.0:beta27 | 1.4.0:beta28 | 1.4.0:beta29 | 1.4.0:beta3 | 1.4.0:beta30 | 1.4.0:beta31 | 1.4.0:beta32 | 1.4.0:beta33 | 1.4.0:beta4 | 1.4.0:beta5 | 1.4.0:beta6 | 1.4.0:beta7 | 1.4.0:beta8 | 1.4.0:beta9

References (21)