Vulnerability Note VU#286464

libpng contains integer overflows in progressive display image reading

Original Release date: 04 Aug 2004 | Last revised: 01 Jun 2005

Overview

The Portable Network Graphics library (libpng) contains several flaws in progressive image handling that could introduce a remotely exploitable vulnerability.

Description

The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format.

The libpng library features the ability to display interlaced, or progressive display, PNG files or streams. A number of potential integer overflow errors exist in libpng's handling of such progressive display images. While the code that contains these errors introduces dangerous conditions, it is unclear what practical vulnerabilities it might present in applications using libpng.

Multiple applications support the PNG image format, including web browsers, email clients, and various graphic utilities. Because multiple products have used the libpng reference library to implement native PNG image processing, multiple applications will be affected by this issue in different ways.

Impact

The complete impact of this vulnerability is not yet known.

Solution

Apply a patch from the vendor

Patches have been released to address this vulnerability. Please see the Systems Affected section of this document for more details.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Computer Inc.Affected16 Jul 200401 Jun 2005
GentooAffected-20 Aug 2004
libpng.orgAffected16 Jul 200404 Aug 2004
OpenPKGAffected-20 Aug 2004
SlackwareAffected-20 Aug 2004
Trustix Secure LinuxAffected-20 Aug 2004
Juniper NetworksNot Affected16 Jul 200423 Jul 2004
NEC CorporationNot Affected16 Jul 200403 Aug 2004
BSDIUnknown-23 Jul 2004
ConectivaUnknown-23 Jul 2004
Cray Inc.Unknown-23 Jul 2004
DebianUnknown-23 Jul 2004
eMC CorporationUnknown-23 Jul 2004
EngardeUnknown-23 Jul 2004
FreeBSDUnknown-23 Jul 2004
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Chris Evans for reporting this vulnerability.

This document was written by Chad Dougherty and Damon Morda.

Other Information

  • CVE IDs: CAN-2004-0599
  • Date Public: 04 Aug 2004
  • Date First Published: 04 Aug 2004
  • Date Last Updated: 01 Jun 2005
  • Severity Metric: 0.97
  • Document Revision: 12

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.