Unrated severity · NVD Advisory · Published Sep 11, 2008 · Updated Apr 23, 2026
CVE-2008-3964
Description
Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.
Affected products
- cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:* (range: <1.2.32)
- cpe:2.3:a:libpng:libpng:1.4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta10:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta11:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta12:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta13:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta14:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta15:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta16:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta17:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta18:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta19:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta20:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta21:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta22:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta23:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta24:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta25:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta26:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta27:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta28:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta29:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta30:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta31:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta32:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta33:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta8:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.4.0:beta9:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- sourceforge.net/project/shownotes.php (nvd: Broken Link, Patch)
- sourceforge.net/tracker/index.php (nvd: Exploit, Third Party Advisory)
- secunia.com/advisories/31781 (nvd: Third Party Advisory)
- secunia.com/advisories/33137 (nvd: Third Party Advisory)
- secunia.com/advisories/35302 (nvd: Third Party Advisory)
- secunia.com/advisories/35386 (nvd: Third Party Advisory)
- security.gentoo.org/glsa/glsa-200812-15.xml (nvd: Third Party Advisory)
- sourceforge.net/mailarchive/forum.php (nvd: Third Party Advisory)
- sourceforge.net/project/shownotes.php (nvd: Product, Third Party Advisory)
- support.avaya.com/elmodocs2/security/ASA-2009-208.htm (nvd: Third Party Advisory)
- www.kb.cert.org/vuls/id/889484 (nvd: Third Party Advisory, US Government Resource)
- www.openwall.com/lists/oss-security/2008/09/09/3 (nvd: Mailing List, Third Party Advisory)
- www.openwall.com/lists/oss-security/2008/09/09/8 (nvd: Mailing List, Third Party Advisory)
- www.securityfocus.com/bid/31049 (nvd: Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/44928 (nvd: Third Party Advisory, VDB Entry)
- sunsolve.sun.com/search/document.do (nvd: Broken Link)
- sunsolve.sun.com/search/document.do (nvd: Broken Link)
- www.mandriva.com/security/advisories (nvd: Broken Link)
- www.vupen.com/english/advisories/2008/2512 (nvd: Permissions Required)
- www.vupen.com/english/advisories/2009/1462 (nvd: Permissions Required)
- www.vupen.com/english/advisories/2009/1560 (nvd: Permissions Required)