NEC Corporation Information for VU#388984

libpng fails to properly check length of transparency chunk (tRNS) data


Not Affected

Vendor Statement

sent on August 2, 2004

[Software Products]

 * E-mail client software "WeMail"
   (shareware developped by NEC Communication Systems,Ltd.)
        - is NOT vulnerable.
        It does not include any code originated from libPNG.

 * We continue to try to investigate other products possibly affected
   by these vulnerabilities.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.