Vulnerability Note VU#236656

libpng png_handle_iCCP() NULL pointer dereference

Original Release date: 04 Aug 2004 | Last revised: 20 Jul 2007

Overview

The Portable Network Graphics library (libpng) contains a remotely exploitable vulnerability that could cause affected applications to crash.

Description

The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format.

Under some circumstances, a null pointer may be dereferenced during a memory allocation in the png_handle_iCCP() function. As a result, a PNG file with particular characteristics could cause the affected application to crash. Similar errors are reported to exist in other locations within libpng.

Multiple applications support the PNG image format, including web browsers, email clients, and various graphic utilities. Because multiple products have used the libpng reference library to implement native PNG image processing, applications will be affected by this issue in different ways.

Impact

An attacker could cause a vulnerable application to crash by supplying a specially crafted PNG image. Vulnerable applications that read images from network sources could be exploited remotely.

Solution

Apply a patch from the vendor
Patches have been released to address this vulnerability. Please see the Systems Affected section of this document for more details.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Computer, Inc.Affected16 Jul 200401 Jun 2005
Debian LinuxAffected16 Jul 200420 Aug 2004
GentooAffected-20 Aug 2004
Hewlett-Packard CompanyAffected16 Jul 200420 Aug 2004
libpng.orgAffected16 Jul 200404 Aug 2004
Mandriva, Inc.Affected16 Jul 200420 Aug 2004
Mandriva, Inc.Affected16 Jul 200404 Aug 2004
MontaVista Software, Inc.Affected16 Jul 200404 Aug 2004
OpenPKGAffected-20 Aug 2004
Red Hat, Inc.Affected16 Jul 200420 Aug 2004
SlackwareAffected-20 Aug 2004
Sun Microsystems, Inc.Affected16 Jul 200404 Aug 2004
SUSE LinuxAffected16 Jul 200404 Aug 2004
Trustix Secure LinuxAffected-20 Aug 2004
HitachiNot Affected16 Jul 200420 Aug 2004
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Chris Evans for reporting this vulnerability.

This document was written by Chad Dougherty and Damon Morda.

Other Information

  • CVE IDs: CVE-2004-0598
  • Date Public: 04 Aug 2004
  • Date First Published: 04 Aug 2004
  • Date Last Updated: 20 Jul 2007
  • Severity Metric: 1.05
  • Document Revision: 17

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.