Vulnerability Note VU#684664

libpng denial of service vulnerability

Original Release date: 16 May 2007 | Last revised: 22 Aug 2007

Overview

The libpng library contains a denial-of-service vulnerability.

Description

Applications use the libpng library to render PNG images.

The libpng library contains a denial-of-service vulnerability.

From the Libpng-1.2.16-ADVISORY:

    This vulnerability could be used to crash a browser when a user tries to view such a malformed PNG file. It is not known whether the vulnerability could be exploited otherwise.

    The reason is that png_ptr->num_trans is set to 1 and then there is an error return after checking the CRC, so the trans[ ] array is never allocated. Since png_ptr->num_trans is nonzero, libpng tries to use the array later.

An attacker may be able to exploit this vulnerability by convincing a user to open a specially crafted PNG image. The malicious image may be hosted on a website, or sent as an email attachment.
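
The ordering problem the advisory describes, shown as an added example in C. This is a simplified model, not libpng's code or its patch: `struct reader`, `handle_trns_flawed`, `handle_trns_checked` and `state_consistent` are hypothetical names, and the tRNS chunk bytes are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct reader { uint16_t num_trans; uint8_t *trans; };  /* simplified model, not libpng's struct */

static uint32_t crc32_png(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;  /* CRC-32 as PNG uses it: over chunk type + data */
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return c ^ 0xFFFFFFFFu;
}

/* Flawed ordering: the count is published before the CRC check. */
int handle_trns_flawed(struct reader *r, const uint8_t *buf, size_t len, uint32_t crc) {
    r->num_trans = 1;                               /* state changed too early */
    if (crc32_png(buf, 4 + len) != crc) return -1;  /* error return, trans still NULL */
    r->trans = malloc(len);
    if (!r->trans) { r->num_trans = 0; return -1; }
    memcpy(r->trans, buf + 4, len);
    return 0;
}

/* Hardened ordering: validate, allocate, copy, and only then publish the count. */
int handle_trns_checked(struct reader *r, const uint8_t *buf, size_t len, uint32_t crc) {
    if (r->trans || len == 0 || crc32_png(buf, 4 + len) != crc) return -1;
    uint8_t *t = malloc(len);
    if (!t) return -1;
    memcpy(t, buf + 4, len);
    r->trans = t;
    r->num_trans = 1;
    return 0;
}

/* Invariant later consumers rely on: a nonzero count implies an allocated array. */
int state_consistent(const struct reader *r) { return r->num_trans == 0 || r->trans != NULL; }

int main(void) {
    const uint8_t chunk[6] = {'t', 'R', 'N', 'S', 0x00, 0x01};  /* constructed sample */
    uint32_t bad = crc32_png(chunk, 6) ^ 1u;                    /* corrupted CRC field */
    struct reader a = {0, NULL}, b = {0, NULL};
    handle_trns_flawed(&a, chunk, 2, bad);
    handle_trns_checked(&b, chunk, 2, bad);
    printf("flawed consistent=%d, checked consistent=%d\n", state_consistent(&a), state_consistent(&b));
    return 0;
}
```

Code that later reads the array can also test `state_consistent` before indexing, so a reader left in the flawed state fails closed rather than dereferencing a null pointer.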

Impact

A remote, unauthenticated attacker may be able to create a denial-of-service condition.

Solution

Upgrade
The libpng team has released a patch for libpng 1.0.25 and 1.2.17 to address this vulnerability. Administrators are encouraged to upgrade as soon as possible. Administrators who receive the libpng library from their operating system vendor should see the Systems Affected section of this document for a list of affected vendors.

Systems Affected

Vendor                                         Status    Date Notified  Date Updated
Debian GNU/Linux                               Affected  08 May 2007    08 Jun 2007
Gentoo Linux                                   Affected  08 May 2007    08 Jun 2007
libpng                                         Affected  07 May 2007    16 May 2007
Mandriva, Inc.                                 Affected  08 May 2007    08 Jun 2007
Red Hat, Inc.                                  Affected  08 May 2007    18 May 2007
Sun Microsystems, Inc.                         Affected  08 May 2007    22 Aug 2007
SUSE Linux                                     Affected  08 May 2007    13 Jul 2007
Ubuntu                                         Affected  08 May 2007    13 Jun 2007
Apple Computer, Inc.                           Unknown   08 May 2007    08 May 2007
Conectiva Inc.                                 Unknown   08 May 2007    08 May 2007
Cray Inc.                                      Unknown   08 May 2007    08 May 2007
EMC, Inc. (formerly Data General Corporation)  Unknown   08 May 2007    08 May 2007
Engarde Secure Linux                           Unknown   08 May 2007    08 May 2007
F5 Networks, Inc.                              Unknown   08 May 2007    08 May 2007
Fedora Project                                 Unknown   08 May 2007    08 May 2007
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

Thanks to the libpng team for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

  • CVE IDs: CVE-2007-2445
  • Date Public: 16 May 2007
  • Date First Published: 16 May 2007
  • Date Last Updated: 22 Aug 2007
  • Severity Metric: 3.86
  • Document Revision: 21
