Vulnerability/
CVE-2008-3964

4.3

CWE

193

10/9/2008

7/8/2024

CVE-2008-3964

First published: Wed Sep 10 2008(Updated: )

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Libpng Libpng	=1.4.0-beta21
Libpng Libpng	=1.4.0-beta32
Libpng Libpng	=1.4.0-beta2
Libpng Libpng	=1.4.0-beta3
Libpng Libpng	=1.4.0-beta4
Libpng Libpng	=1.4.0-beta5
Libpng Libpng	=1.4.0-beta6
Libpng Libpng	=1.4.0-beta7
Libpng Libpng	=1.4.0-beta8
Libpng Libpng	=1.4.0-beta9
Libpng Libpng	=1.4.0-beta10
Libpng Libpng	=1.4.0-beta11
Libpng Libpng	=1.4.0-beta12
Libpng Libpng	=1.4.0-beta13
Libpng Libpng	=1.4.0-beta14
Libpng Libpng	=1.4.0-beta15
Libpng Libpng	=1.4.0-beta16
Libpng Libpng	=1.4.0-beta17
Libpng Libpng	=1.4.0-beta18
Libpng Libpng	=1.4.0-beta19
Libpng Libpng	=1.4.0-beta20
Libpng Libpng	=1.4.0-beta22
Libpng Libpng	=1.4.0-beta23
Libpng Libpng	=1.4.0-beta24
Libpng Libpng	=1.4.0-beta25
Libpng Libpng	=1.4.0-beta26
Libpng Libpng	=1.4.0-beta27
Libpng Libpng	=1.4.0-beta28
Libpng Libpng	=1.4.0-beta29
Libpng Libpng	=1.4.0-beta30
Libpng Libpng	=1.4.0-beta31
Libpng Libpng	=1.4.0-beta33
Libpng Libpng	=1.4.0-beta1
Libpng Libpng	<1.2.32

Remedy

http://sourceforge.net/project/shownotes.php?release_id=624518

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Example email

Reference Links

collector/nvd-historical
collector/nvd-index
agent/weakness
agent/severity
agent/references
agent/author
agent/description
agent/remedy
agent/type
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/event
agent/tags
collector/mitre-cve
source/MITRE
vendor/libpng
canonical/libpng libpng
version/libpng libpng/1.4.0-beta21
version/libpng libpng/1.4.0-beta32
version/libpng libpng/1.4.0-beta2
version/libpng libpng/1.4.0-beta3
version/libpng libpng/1.4.0-beta4
version/libpng libpng/1.4.0-beta5
version/libpng libpng/1.4.0-beta6
version/libpng libpng/1.4.0-beta7
version/libpng libpng/1.4.0-beta8
version/libpng libpng/1.4.0-beta9
version/libpng libpng/1.4.0-beta10
version/libpng libpng/1.4.0-beta11
version/libpng libpng/1.4.0-beta12
version/libpng libpng/1.4.0-beta13
version/libpng libpng/1.4.0-beta14
version/libpng libpng/1.4.0-beta15
version/libpng libpng/1.4.0-beta16
version/libpng libpng/1.4.0-beta17
version/libpng libpng/1.4.0-beta18
version/libpng libpng/1.4.0-beta19
version/libpng libpng/1.4.0-beta20
version/libpng libpng/1.4.0-beta22
version/libpng libpng/1.4.0-beta23
version/libpng libpng/1.4.0-beta24
version/libpng libpng/1.4.0-beta25
version/libpng libpng/1.4.0-beta26
version/libpng libpng/1.4.0-beta27
version/libpng libpng/1.4.0-beta28
version/libpng libpng/1.4.0-beta29
version/libpng libpng/1.4.0-beta30
version/libpng libpng/1.4.0-beta31
version/libpng libpng/1.4.0-beta33
version/libpng libpng/1.4.0-beta1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203