medium
5
CWE
NVD-CWE-Other 125
Advisory Published
CVE Published
CVE Published
Updated

CVE-2004-0421

First published: Mon Apr 19 2004(Updated: )

From: Steve G <linux_4ever> In the png_format_buffer function located in pngerror.c around line 133 is the following code: if (message == NULL) buffer[iout] = 0; else { buffer[iout++] = ':'; buffer[iout++] = ' '; png_memcpy(buffer+iout, message, 64); buffer[iout+63] = 0; } This code is called from the png_chunk_error & png_chunk_warning functions. An example of their use would be in pngutil.c around line 119. png_chunk_error(png_ptr, "CRC error"); In the above code, the message being constructed is only 10 characters long. The png_memcpy function will unconditionally access 54 bytes beyond the message. This could cause a carefully crafted png image to cause a denial of service. Possibly embargoed; marking as embargoed until communicated otherwise.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
libp2p=1.0.0
libp2p=1.0.5
libp2p=1.0.6
libp2p=1.0.7
libp2p=1.0.8
libp2p=1.0.9
libp2p=1.0.10
libp2p=1.0.11
libp2p=1.0.12
libp2p=1.0.13
libp2p=1.0.14
libp2p=1.2.0
libp2p=1.2.1
libp2p=1.2.2
libp2p=1.2.3
libp2p=1.2.4
libp2p=1.2.5
Openpetra=1.3
Openpetra=2.0
libpng=1.2.2-16
libpng=1.2.2-20
Red Hat Enterprise Linux=2.1
Red Hat Enterprise Linux=3.0
Red Hat Enterprise Linux Desktop=3.0
Trustix Secure Linux=2.0
Trustix Secure Linux=2.1
Libpng=1.0
Libpng=1.0.5
Libpng=1.0.6
Libpng=1.0.7
Libpng=1.0.8
Libpng=1.0.9
Libpng=1.0.10
Libpng=1.0.11
Libpng=1.0.12
Libpng=1.0.13
Libpng=1.0.14
Greg Roelofs libpng=1.2.0
Greg Roelofs libpng=1.2.1
Greg Roelofs libpng=1.2.2
Greg Roelofs libpng=1.2.3
Greg Roelofs libpng=1.2.4
Greg Roelofs libpng=1.2.5
libpng=1.2.2-16
libpng=1.2.2-16
libpng=1.2.2-20
libpng=1.2.2-20
libpng=10.1.0.13.8
libpng=10.1.0.13.8
libpng=10.1.0.13.11
libpng=10.1.0.13.11
Red Hat Enterprise Linux=2.1
Red Hat Enterprise Linux=2.1
Red Hat Enterprise Linux=2.1
Red Hat Enterprise Linux=3.0
Red Hat Enterprise Linux=3.0
Red Hat Enterprise Linux=3.0
Red Hat Linux Advanced Workstation=2.1
Red Hat Linux Advanced Workstation=2.1

Remedy

http://www.redhat.com/support/errata/RHSA-2004-180.html

Remedy

http://www.securityfocus.com/bid/10244

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2004-0421?

    CVE-2004-0421 is classified as a high severity vulnerability due to potential information disclosure.

  • How do I fix CVE-2004-0421?

    To remediate CVE-2004-0421, upgrade to a patched version of libpng or apply the recommended security fixes provided by your distribution.

  • What versions of libpng are affected by CVE-2004-0421?

    CVE-2004-0421 affects libpng versions 1.0.0 through 1.2.5.

  • Can CVE-2004-0421 lead to code execution?

    CVE-2004-0421 primarily poses a risk of information disclosure rather than direct code execution.

  • Is there a known exploit for CVE-2004-0421?

    There are reports of exploit code being developed for CVE-2004-0421, thus it is advisable to take mitigation measures promptly.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203