CVE-2004-0597

critical Microsoft
CVSS v3 Base Score
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
83.2%
Exploitation probability in 30 days
Top 1% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: November 23, 2004 (7842 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD

Description

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.

CWE

NVD-CWE-Other

Affected Products

greg roelofs libpngmicrosoft msn messengermicrosoft windows media playermicrosoft windows messengermicrosoft windows 98semicrosoft windows me

References

🔗 ftp.sco.com 🔗 distro.conectiva.com.br 🔗 lists.apple.com 🔗 marc.info 🔗 marc.info