Unrated severityNVD Advisory· Published Aug 18, 2004· Updated Apr 16, 2026

CVE-2004-0421

Description

The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

Affected products

Libpng/Libpng17 versions
cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.2.5:*:*:*:*:*:*:*
OpenPKG/Openpkg2 versions
cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
Red Hat/Libpng2 versions
cpe:2.3:a:redhat:libpng:1.2.2-16:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:redhat:libpng:1.2.2-16:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libpng:1.2.2-20:*:*:*:*:*:*:*
Red Hat/Enterprise Linux2 versions
cpe:2.3:o:redhat:enterprise_linux:2.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
Trustix/Secure Linux2 versions
cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.redhat.com/support/errata/RHSA-2004-180.htmlnvdBroken LinkPatchVendor Advisory
www.securityfocus.com/bid/10244nvdBroken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
www.mandriva.com/security/advisoriesnvdThird Party Advisory
www.mandriva.com/security/advisoriesnvdThird Party Advisory
www.mandriva.com/security/advisoriesnvdThird Party Advisory
lists.apple.com/mhonarc/security-announce/msg00056.htmlnvdBroken Link
marc.infonvdMailing List
marc.infonvdMailing List
marc.infonvdMailing List
marc.infonvdMailing List
secunia.com/advisories/22957nvdBroken Link
secunia.com/advisories/22958nvdBroken Link
www.debian.org/security/2004/dsa-498nvdBroken Link
www.redhat.com/support/errata/RHSA-2004-181.htmlnvdBroken Link
exchange.xforce.ibmcloud.com/vulnerabilities/16022nvdBroken LinkVDB Entry
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710nvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000