Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2008-3964
HistorySep 11, 2008 - 1:13 a.m.

CVE-2008-3964

2008-09-1101:13:47
CWE-193
mitre
web.nvd.nist.gov
45
cve-2008-3964
libpng
off-by-one errors
denial of service
crash
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.6

Confidence

High

EPSS

0.005

Percentile

75.9%

JSON

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.

Affected configurations

Nvd
Node
libpnglibpngRange<1.2.32
OR
libpnglibpngMatch1.4.0beta1
OR
libpnglibpngMatch1.4.0beta10
OR
libpnglibpngMatch1.4.0beta11
OR
libpnglibpngMatch1.4.0beta12
OR
libpnglibpngMatch1.4.0beta13
OR
libpnglibpngMatch1.4.0beta14
OR
libpnglibpngMatch1.4.0beta15
OR
libpnglibpngMatch1.4.0beta16
OR
libpnglibpngMatch1.4.0beta17
OR
libpnglibpngMatch1.4.0beta18
OR
libpnglibpngMatch1.4.0beta19
OR
libpnglibpngMatch1.4.0beta2
OR
libpnglibpngMatch1.4.0beta20
OR
libpnglibpngMatch1.4.0beta21
OR
libpnglibpngMatch1.4.0beta22
OR
libpnglibpngMatch1.4.0beta23
OR
libpnglibpngMatch1.4.0beta24
OR
libpnglibpngMatch1.4.0beta25
OR
libpnglibpngMatch1.4.0beta26
OR
libpnglibpngMatch1.4.0beta27
OR
libpnglibpngMatch1.4.0beta28
OR
libpnglibpngMatch1.4.0beta29
OR
libpnglibpngMatch1.4.0beta3
OR
libpnglibpngMatch1.4.0beta30
OR
libpnglibpngMatch1.4.0beta31
OR
libpnglibpngMatch1.4.0beta32
OR
libpnglibpngMatch1.4.0beta33
OR
libpnglibpngMatch1.4.0beta4
OR
libpnglibpngMatch1.4.0beta5
OR
libpnglibpngMatch1.4.0beta6
OR
libpnglibpngMatch1.4.0beta7
OR
libpnglibpngMatch1.4.0beta8
OR
libpnglibpngMatch1.4.0beta9
VendorProductVersionCPE
libpnglibpng*cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
libpnglibpng1.4.0cpe:2.3:a:libpng:libpng:1.4.0:beta1:*:*:*:*:*:*
libpnglibpng1.4.0cpe:2.3:a:libpng:libpng:1.4.0:beta10:*:*:*:*:*:*
libpnglibpng1.4.0cpe:2.3:a:libpng:libpng:1.4.0:beta11:*:*:*:*:*:*
libpnglibpng1.4.0cpe:2.3:a:libpng:libpng:1.4.0:beta12:*:*:*:*:*:*
libpnglibpng1.4.0cpe:2.3:a:libpng:libpng:1.4.0:beta13:*:*:*:*:*:*
libpnglibpng1.4.0cpe:2.3:a:libpng:libpng:1.4.0:beta14:*:*:*:*:*:*
libpnglibpng1.4.0cpe:2.3:a:libpng:libpng:1.4.0:beta15:*:*:*:*:*:*
libpnglibpng1.4.0cpe:2.3:a:libpng:libpng:1.4.0:beta16:*:*:*:*:*:*
libpnglibpng1.4.0cpe:2.3:a:libpng:libpng:1.4.0:beta17:*:*:*:*:*:*
Rows per page:
1-10 of 341

References

Related

cert 1
ubuntucve 1
prion 1
veracode 1
cvelist 1
nvd 1
securityvulns 2
openvas 7
nessus 11
gentoo 1
ubuntu 1
osv 1
ibm 1
cert
cert
libpng off-by-one vulnerability
2008-10-02 00:00:00
ubuntucve
ubuntucve
CVE-2008-3964
2008-09-11 00:00:00
prion
prion
Code injection
2008-09-11 01:13:00
veracode
veracode
Denial Of Service (DoS)
2022-02-03 06:00:58
cvelist
cvelist
CVE-2008-3964
2008-09-10 15:00:00
nvd
nvd
CVE-2008-3964
2008-09-11 01:13:47
securityvulns
securityvulns
libpng code execution
2008-05-13 00:00:00
[ MDVSA-2009:051 ] libpng
2009-02-25 00:00:00
openvas
openvas
Mandrake Security Advisory MDVSA-2009:051 (libpng)
2009-03-02 00:00:00
Mandrake Security Advisory MDVSA-2009:051 (libpng)
2009-03-02 00:00:00
Gentoo Security Advisory GLSA 200812-15 (povray)
2008-12-23 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : libpng (MDVSA-2009:051)
2009-04-23 00:00:00
GLSA-200812-15 : POV-Ray: User-assisted execution of arbitrary code
2008-12-15 00:00:00
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : libpng vulnerabilities (USN-730-1)
2009-04-23 00:00:00
gentoo
gentoo
POV-Ray: User-assisted execution of arbitrary code
2008-12-14 00:00:00
ubuntu
ubuntu
libpng vulnerabilities
2009-03-06 00:00:00
osv
osv
libpng16-16-1.6.37-3.3 on GA media
2024-06-15 00:00:00
ibm
ibm
Security Bulletin: Gdal vulnerabilities affect IBM Netezza Analytics for NPS
2022-06-03 14:32:29

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.6

Confidence

High

EPSS

0.005

Percentile

75.9%

JSON
Related for CVE-2008-3964
cert1ubuntucve1prion1veracode1cvelist1nvd1securityvulns2openvas7nessus11gentoo1ubuntu1osv1ibm1