{"vuid":"VU#817368","idnumber":"817368","name":"libpng png_handle_sBIT() performs insufficient bounds checking","keywords":["libpng","png_handle_sBIT","pngrutil.c","buffer overflow"],"overview":"The Portable Network Graphics library (libpng) contains a flaw that could introduce a remotely exploitable vulnerability.","clean_desc":"The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format. A potentially insufficient bounds check error exists within the png_handle_sBIT() function. A similar error exists in the png_handle_hIST() function. While the code that contains these errors could potentially permit a buffer overflow to occur during a subsequent png_crc_read() operation, it is unclear what practical vulnerabilities they might present in applications using libpng. Multiple applications support the PNG image format, including web browsers, email clients, and various graphic utilities. Because multiple products have used the libpng reference library to implement native PNG image processing, multiple applications will be affected by this issue in different ways. Please note that this vulnerability is known to exist in Microsoft Windows Messenger and MSN Messenger. Please see MS05-009 for more details. For information regarding how this vulnerability affects Microsoft Internet Explorer, refer to MS05-025.","impact":"The complete impact of this vulnerability is not yet known.","resolution":"Apply a patch from the vendor Patches have been released to address this vulnerability. Please see the Systems Affected section of this document for more details.","workarounds":"","sysaffected":"","thanks":"Thanks to Chris Evans for reporting this vulnerability.","author":"This document was written by Chad Dougherty and Damon Morda.","public":["http://scary.beasts.org/security/CESA-2004-001.txt","http://www.libpng.org/pub/png/","http://libpng.sourceforge.net/","http://www.microsoft.com/technet/security/Bulletin/MS05-009.mspx","http://www.microsoft.com/technet/security/bulletin/ms05-025.mspx"],"cveids":["CVE-2004-0597"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-07-16T14:42:38Z","publicdate":"2004-08-04T00:00:00Z","datefirstpublished":"2004-08-04T16:05:45Z","dateupdated":"2005-06-14T20:57:30Z","revision":20,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"7","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"15","cam_impact":"2","cam_easeofexploitation":"8","cam_attackeraccessrequired":"14","cam_scorecurrent":"0.756","cam_scorecurrentwidelyknown":"1.575","cam_scorecurrentwidelyknownexploited":"2.835","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.756,"vulnote":null}