FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libpng stack-based buffer overflow and other code concerns

Affected packages
png <= 1.2.5_7
linux-png <= 1.0.14_3
1.2 <= linux-png <= 1.2.2
firefox < 0.9.3
thunderbird < 0.7.3
linux-mozilla < 1.7.2
linux-mozilla-devel < 1.7.2
mozilla < 1.7.2,2
1.8.a,2 <= mozilla <= 1.8.a2,2
mozilla-gtk1 < 1.7.2
netscape-communicator <= 4.78
netscape-navigator <= 4.78
ja-netscape-communicator-linux <= 4.8
ja-netscape-navigator-linux <= 4.8
ko-netscape-communicator-linux <= 4.8
ko-netscape-navigator-linux <= 4.8
linux-netscape-communicator <= 4.8
linux-netscape-navigator <= 4.8
ja-netscape7 <= 7.1
netscape7 <= 7.1
de-netscape7 <= 7.02
fr-netscape7 <= 7.02
pt_BR-netscape7 <= 7.02

Details

VuXML ID f9e3e60b-e650-11d8-9b0a-000347a4fa7d
Discovery 2004-08-04
Entry 2004-08-04
Modified 2004-08-15

Chris Evans has discovered multiple vulnerabilities in libpng, which can be exploited by malicious people to compromise a vulnerable system or cause a DoS (Denial of Service).

References

CERT/CC Vulnerability Note 160448
CERT/CC Vulnerability Note 236656
CERT/CC Vulnerability Note 286464
CERT/CC Vulnerability Note 388984
CERT/CC Vulnerability Note 477512
CERT/CC Vulnerability Note 817368
CVE Name CVE-2004-0597
CVE Name CVE-2004-0598
CVE Name CVE-2004-0599
Message Pine.LNX.4.58.0408041840080.20655@sphinx.mythic-beasts.com
URL http://bugzilla.mozilla.org/show_bug.cgi?id=251381
URL http://dl.sourceforge.net/sourceforge/libpng/ADVISORY.txt
URL http://scary.beasts.org/security/CESA-2004-001.txt
URL http://secunia.com/advisories/12219
URL http://secunia.com/advisories/12232
URL http://www.osvdb.org/8312
URL http://www.osvdb.org/8313
URL http://www.osvdb.org/8314
URL http://www.osvdb.org/8315
URL http://www.osvdb.org/8316
US-CERT Technical Cyber Security Alert TA04-217A