Unrated severity · NVD Advisory · Published Nov 23, 2004 · Updated Jun 16, 2026
CVE-2004-0597
Description
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
Affected products (8)
- cpe:2.3:a:microsoft:msn_messenger:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:msn_messenger:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:windows_media_player:9:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:windows_messenger:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_me:*:*:second_edition:*:*:*:*:*
References (42)
- www.adobe.com/support/downloads/detail.jsp (nvd; Patch)
- www.debian.org/security/2004/dsa-536 (nvd; Patch, Vendor Advisory)
- www.gentoo.org/security/en/glsa/glsa-200408-03.xml (nvd; Patch, Vendor Advisory)
- www.gentoo.org/security/en/glsa/glsa-200408-22.xml (nvd; Patch, Vendor Advisory)
- www.novell.com/linux/security/advisories/2004_23_libpng.html (nvd; Patch, Vendor Advisory)
- www.trustix.net/errata/2004/0040/ (nvd; Patch, Vendor Advisory)
- scary.beasts.org/security/CESA-2004-001.txt (nvd; Exploit, Vendor Advisory)
- www.securityfocus.com/bid/10857 (nvd; Exploit, Patch, Vendor Advisory)
- www.kb.cert.org/vuls/id/388984 (nvd; Third Party Advisory, US Government Resource)
- www.kb.cert.org/vuls/id/817368 (nvd; Third Party Advisory, US Government Resource)
- www.redhat.com/support/errata/RHSA-2004-421.html (nvd; Vendor Advisory)
- www.redhat.com/support/errata/RHSA-2004-429.html (nvd; Vendor Advisory)
- www.us-cert.gov/cas/techalerts/TA04-217A.html (nvd; Third Party Advisory, US Government Resource)
- www.us-cert.gov/cas/techalerts/TA05-039A.html (nvd; Third Party Advisory, US Government Resource)
- ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt (nvd)
- distro.conectiva.com.br/atualizacoes/ (nvd)
- lists.apple.com/mhonarc/security-announce/msg00056.html (nvd)
- marc.info (nvd)
- marc.info (nvd)
- marc.info (nvd)
- marc.info (nvd)
- marc.info (nvd)
- secunia.com/advisories/22957 (nvd)
- secunia.com/advisories/22958 (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- www.coresecurity.com/common/showdoc.php (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mozilla.org/projects/security/known-vulnerabilities.html (nvd)
- www.redhat.com/support/errata/RHSA-2004-402.html (nvd)
- www.securityfocus.com/bid/15495 (nvd)
- bugzilla.fedora.us/show_bug.cgi (nvd)
- docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/16894 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709 (nvd)