{"vuid":"VU#160448","idnumber":"160448","name":"libpng integer overflow in image height processing","keywords":["png_read_png","pngread.c","integer overflow"],"overview":"The Portable Network Graphics library (libpng) contains a remotely exploitable vulnerability which could cause affected applications to crash.","clean_desc":"The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format. An integer overflow error exists in the handling of PNG image height within the png_read_png() function. As a result, a PNG image with excessive height may cause an integer overflow on a memory allocation and could cause the affected application to crash. Multiple applications support the PNG image format including web browsers, email clients, and various graphic utilities. Because multiple products have used the libpng reference library to implement native PNG image processing, multiple applications will be affected by this issue in different ways.","impact":"An attacker could cause a vulnerable application to crash by supplying a specially-crafted PNG image. Vulnerable applications that read images from network sources could be exploited remotely.","resolution":"Apply a patch from the vendor Patches have been released to address this vulnerability. Please see the Systems Affected section of this document for more details.","workarounds":"","sysaffected":"","thanks":"Thanks to Chris Evans for reporting this vulnerability.","author":"This document was written by Chad Dougherty and Damon Morda.","public":["http://scary.beasts.org/security/CESA-2004-001.txt","http://www.libpng.org/pub/png/","http://libpng.sourceforge.net/"],"cveids":["CVE-2004-0599"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-07-16T14:42:51Z","publicdate":"2004-08-04T00:00:00Z","datefirstpublished":"2004-08-04T15:59:29Z","dateupdated":"2004-08-04T15:59:37Z","revision":18,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"7","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"15","cam_impact":"3","cam_easeofexploitation":"8","cam_attackeraccessrequired":"12","cam_scorecurrent":"0.972","cam_scorecurrentwidelyknown":"2.025","cam_scorecurrentwidelyknownexploited":"3.645","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.972,"vulnote":null}