|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Vulnerability Note VU#236656
libpng png_handle_iCCP() NULL pointer dereference
OverviewThe Portable Network Graphics library (libpng) contains a remotely exploitable vulnerability that could cause affected applications to crash.
I. DescriptionThe Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format.
Under some circumstances, a null pointer may be dereferenced during a memory allocation in the png_handle_iCCP() function. As a result, a PNG file with particular characteristics could cause the affected application to crash. Similar errors are reported to exist in other locations within libpng.
Multiple applications support the PNG image format, including web browsers, email clients, and various graphic utilities. Because multiple products have used the libpng reference library to implement native PNG image processing, applications will be affected by this issue in different ways.
II. ImpactAn attacker could cause a vulnerable application to crash by supplying a specially crafted PNG image. Vulnerable applications that read images from network sources could be exploited remotely.
III. SolutionApply a patch from the vendor
Patches have been released to address this vulnerability. Please see the Systems Affected section of this document for more details.
Systems Affected
| Vendor | Status | Date Updated |
| Apple Computer, Inc. | Vulnerable | 1-Jun-2005 |
| Berkeley Software Design, Inc. | Unknown | 23-Jul-2004 |
| Cray Inc. | Unknown | 23-Jul-2004 |
| Debian Linux | Vulnerable | 20-Aug-2004 |
| eMC Corporation | Unknown | 23-Jul-2004 |
| Engarde | Unknown | 23-Jul-2004 |
| FreeBSD, Inc. | Unknown | 23-Jul-2004 |
| Fujitsu | Unknown | 23-Jul-2004 |
| Gentoo | Vulnerable | 20-Aug-2004 |
| Hewlett-Packard Company | Vulnerable | 20-Aug-2004 |
| Hitachi | Not Vulnerable | 20-Aug-2004 |
| IBM-zSeries | Unknown | 20-Aug-2004 |
| IBM Corporation | Unknown | 4-Aug-2004 |
| IBM eServer | Unknown | 23-Jul-2004 |
| Immunix | Unknown | 4-Aug-2004 |
| Ingrian Networks, Inc. | Unknown | 23-Jul-2004 |
| Juniper Networks, Inc. | Not Vulnerable | 23-Jul-2004 |
| libpng.org | Vulnerable | 4-Aug-2004 |
| Mandriva, Inc. | Vulnerable | 20-Aug-2004 |
| Mandriva, Inc. | Vulnerable | 4-Aug-2004 |
| Microsoft Corporation | Unknown | 4-Aug-2004 |
| MontaVista Software, Inc. | Vulnerable | 4-Aug-2004 |
| NEC Corporation | Not Vulnerable | 3-Aug-2004 |
| NETBSD | Unknown | 23-Jul-2004 |
| Nokia | Unknown | 23-Jul-2004 |
| Novell, Inc. | Unknown | 23-Jul-2004 |
| OpenPKG | Vulnerable | 20-Aug-2004 |
| Openwall GNU/*/Linux | Unknown | 23-Jul-2004 |
| Red Hat, Inc. | Vulnerable | 20-Aug-2004 |
| SCO | Unknown | 23-Jul-2004 |
| Sequent Computer Systems, Inc. | Unknown | 23-Jul-2004 |
| SGI | Unknown | 23-Jul-2004 |
| Slackware | Vulnerable | 20-Aug-2004 |
| Sony Corporation | Unknown | 23-Jul-2004 |
| Sun Microsystems, Inc. | Vulnerable | 4-Aug-2004 |
| SUSE Linux | Vulnerable | 4-Aug-2004 |
| Trustix Secure Linux | Vulnerable | 20-Aug-2004 |
| TurboLinux | Unknown | 23-Jul-2004 |
| Unisys | Unknown | 23-Jul-2004 |
| Wind River Systems, Inc. | Unknown | 23-Jul-2004 |
References
http://scary.beasts.org/security/CESA-2004-001.txt
http://www.libpng.org/pub/png/
http://libpng.sourceforge.net/
Credit
Thanks to Chris Evans for reporting this vulnerability.
This document was written by Chad Dougherty and Damon Morda.
Other Information
| Date Public | 08/04/2004 |
| Date First Published | 08/04/2004 12:00:13 PM |
| Date Last Updated | 07/20/2007 |
| CERT Advisory | |
| CVE Name | CVE-2004-0598 |
| US-CERT Technical Alerts | |
| Metric | 1.05 |
| Document Revision | 17 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|