CVE-2008-3964

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.

Múltiples desbordamientos de entero en libpng versiones anteriores a 1.2.32beta01, y 1.4 versiones anteriores a 1.4.0beta34, permiten a atacantes dependientes de contexto provocar una denegación de servicio (caída) o tener otros impactos desconocidos a través de una imagen PNG con fragmentos zTXt manipulados, relacionado con (1) la función png_push_read_zTXt en pngread.c, y posiblemente relacionado con (2) pngtest.c.