Unrated severityNVD Advisory· Published Nov 23, 2004· Updated Apr 16, 2026

CVE-2004-0597

Description

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.

Affected products

Greg Roelofs/Libpng
cpe:2.3:a:greg_roelofs:libpng:*:*:*:*:*:*:*:*
Range: <=1.2.5
Microsoft/Msn Messenger2 versions
cpe:2.3:a:microsoft:msn_messenger:6.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:msn_messenger:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:msn_messenger:6.2:*:*:*:*:*:*:*
Microsoft/Windows Media Player
cpe:2.3:a:microsoft:windows_media_player:9:*:*:*:*:*:*:*
Microsoft/Windows Messenger
cpe:2.3:a:microsoft:windows_messenger:5.0:*:*:*:*:*:*:*
Microsoft/Windows 98se
cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
Microsoft/Windows Me
cpe:2.3:o:microsoft:windows_me:*:*:second_edition:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.adobe.com/support/downloads/detail.jspnvdPatch
www.debian.org/security/2004/dsa-536nvdPatchVendor Advisory
www.gentoo.org/security/en/glsa/glsa-200408-03.xmlnvdPatchVendor Advisory
www.gentoo.org/security/en/glsa/glsa-200408-22.xmlnvdPatchVendor Advisory
www.novell.com/linux/security/advisories/2004_23_libpng.htmlnvdPatchVendor Advisory
www.trustix.net/errata/2004/0040/nvdPatchVendor Advisory
scary.beasts.org/security/CESA-2004-001.txtnvdExploitVendor Advisory
www.securityfocus.com/bid/10857nvdExploitPatchVendor Advisory
www.kb.cert.org/vuls/id/388984nvdThird Party AdvisoryUS Government Resource
www.kb.cert.org/vuls/id/817368nvdThird Party AdvisoryUS Government Resource
www.redhat.com/support/errata/RHSA-2004-421.htmlnvdVendor Advisory
www.redhat.com/support/errata/RHSA-2004-429.htmlnvdVendor Advisory
www.us-cert.gov/cas/techalerts/TA04-217A.htmlnvdThird Party AdvisoryUS Government Resource
www.us-cert.gov/cas/techalerts/TA05-039A.htmlnvdThird Party AdvisoryUS Government Resource
ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txtnvd
distro.conectiva.com.br/atualizacoes/nvd
lists.apple.com/mhonarc/security-announce/msg00056.htmlnvd
marc.infonvd
marc.infonvd
marc.infonvd
marc.infonvd
marc.infonvd
secunia.com/advisories/22957nvd
secunia.com/advisories/22958nvd
sunsolve.sun.com/search/document.donvd
sunsolve.sun.com/search/document.donvd
www.coresecurity.com/common/showdoc.phpnvd
www.mandriva.com/security/advisoriesnvd
www.mandriva.com/security/advisoriesnvd
www.mandriva.com/security/advisoriesnvd
www.mozilla.org/projects/security/known-vulnerabilities.htmlnvd
www.redhat.com/support/errata/RHSA-2004-402.htmlnvd
www.securityfocus.com/bid/15495nvd
bugzilla.fedora.us/show_bug.cginvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009nvd
exchange.xforce.ibmcloud.com/vulnerabilities/16894nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.067
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000