Unrated severityNVD Advisory· Published Dec 26, 2002· Updated Apr 16, 2026

CVE-2002-1363

Description

Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.

Affected products

Greg Roelofs/Libpng14 versions
cpe:2.3:a:greg_roelofs:libpng:1.0.11:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:greg_roelofs:libpng:1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:greg_roelofs:libpng:1.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:greg_roelofs:libpng:1.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:greg_roelofs:libpng:1.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:greg_roelofs:libpng:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:greg_roelofs:libpng:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:greg_roelofs:libpng:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:greg_roelofs:libpng:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:greg_roelofs:libpng:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:greg_roelofs:libpng:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:greg_roelofs:libpng:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:greg_roelofs:libpng:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:greg_roelofs:libpng:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:greg_roelofs:libpng:1.2.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000