CVE-2008-3964

NameCVE-2008-3964
DescriptionMultiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs501109

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libpngsourceetch(not affected)
libpngsource(unstable)1.2.27-2low501109

Notes

[etch] - libpng <not-affected> (Vulnerable code not present)
off-by-one error in pngpread.c is not present, must have
been introduced later, but pngtest.c is affected. However, there
is no known exploit.
Search for package or bug name: Reporting problems