CVE-2008-3964

Published: November 9, 2008

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.

MEDIUM
CVSS v2: 4.3

Status

DocFilters Release	Package	State	Justification	Comment
25.1	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.4	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.4.0	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.3	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.2.1	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.2	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.1	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
23.3	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
23.2.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
23.2	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
23.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
22.4	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
22.3	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
22.2	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
22.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.11.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.11	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.8.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.8	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.5.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.5.0	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.2.0	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
11.4.20	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
11.4.19.3667	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
11.4.18.3599	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
11.4.17	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
11.4.16.3445	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.15.3368	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.14.3263	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.13.3179	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.12.3054	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.11.3040	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.11.2990	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.10.2934	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.9.2878	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.8.2822	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.

Severity score breakdown

References

NVD
MITRE