Vulnerability Note VU#477046
libpng malformed cHRM divide-by-zero vulnerability
libpng crashes when processing malformed cHRM chunks.
When libpng encounters a cHRM chunk that is malformed it will perform a divide-by-zero causing libpng to crash. This bug was introduced in libpng version 1.5.4 and has been fixed in libpng version 1.5.5.
By tricking a user into opening a specifically crafted PNG file within an application that uses libpng, an attacker may be able to cause a denial of service crash.
The PNG Development Group has stated that: Such malformed PNG files are not necessarily malevolent (ones have been observed on the Internet that were created by accident) but they will cause a crash anyway.
Apply an Update
The PNG Development Group recommends upgrading to libpng-1.5.5. However, if you must continue to use libpng-1.5.4, you can apply the following patch to libpng-1.5.4:
Vendor Information (Learn More)
According to The PNG Development Group: Those that use a "system" libpng that happens to be libpng-1.5.4 are vulnerable to a divide-by-zero crash. Mozilla products that use the embedded libpng are not vulnerable.
|Vendor||Status||Date Notified||Date Updated|
|libpng||Affected||-||22 Sep 2011|
CVSS Metrics (Learn More)
Thanks to Glenn Randers-Pehrson of the PNG Development Group for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE 2011-3328
- Date Public: 22 Sep 2011
- Date First Published: 22 Sep 2011
- Date Last Updated: 23 Sep 2011
- Severity Metric: 0.06
- Document Revision: 15
If you have feedback, comments, or additional information about this vulnerability, please send us email.