SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#817368

libpng png_handle_sBIT() performs insufficient bounds checking

Overview

The Portable Network Graphics library (libpng) contains a flaw that could introduce a remotely exploitable vulnerability.

I. Description

The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format.

A potentially insufficient bounds check error exists within the png_handle_sBIT() function. A similar error exists in the png_handle_hIST() function. While the code that contains these errors could potentially permit a buffer overflow to occur during a subsequent png_crc_read() operation, it is unclear what practical vulnerabilities they might present in applications using libpng.

Multiple applications support the PNG image format, including web browsers, email clients, and various graphic utilities. Because multiple products have used the libpng reference library to implement native PNG image processing, multiple applications will be affected by this issue in different ways.

Please note that this vulnerability is known to exist in Microsoft Windows Messenger and MSN Messenger. Please see MS05-009 for more details. For information regarding how this vulnerability affects Microsoft Internet Explorer, refer to MS05-025.

II. Impact

The complete impact of this vulnerability is not yet known.

III. Solution

Apply a patch from the vendor


Patches have been released to address this vulnerability. Please see the Systems Affected section of this document for more details.

Systems Affected

VendorStatusDate Updated
Apple Computer Inc.Unknown17-May-2005
BSDIUnknown23-Jul-2004
ConectivaUnknown23-Jul-2004
Cray Inc.Unknown23-Jul-2004
DebianUnknown23-Jul-2004
eMC CorporationUnknown23-Jul-2004
EngardeUnknown23-Jul-2004
FreeBSDUnknown23-Jul-2004
FujitsuUnknown23-Jul-2004
GentooVulnerable20-Aug-2004
Hewlett-Packard CompanyUnknown23-Jul-2004
HitachiUnknown23-Jul-2004
IBMUnknown23-Jul-2004
IBM-zSeriesUnknown23-Jul-2004
IBM eServerUnknown23-Jul-2004
IMmunixUnknown23-Jul-2004
Ingrian NetworksUnknown23-Jul-2004
Juniper NetworksNot Vulnerable23-Jul-2004
libpng.orgVulnerable4-Aug-2004
MandrakeSoftUnknown23-Jul-2004
Microsoft CorporationVulnerable14-Jun-2005
MontaVista SoftwareUnknown23-Jul-2004
NEC CorporationNot Vulnerable3-Aug-2004
NETBSDUnknown23-Jul-2004
NokiaUnknown23-Jul-2004
NovellUnknown23-Jul-2004
OpenPKGVulnerable20-Aug-2004
Openwall GNU/*/LinuxUnknown23-Jul-2004
Red Hat Inc.Unknown23-Jul-2004
ScOUnknown23-Jul-2004
SequentUnknown23-Jul-2004
SGIUnknown23-Jul-2004
SlackwareVulnerable20-Aug-2004
Sony CorporationUnknown23-Jul-2004
Sun Microsystems Inc.Unknown23-Jul-2004
SuSE Inc.Unknown23-Jul-2004
Trustix Secure LinuxVulnerable20-Aug-2004
TurboLinuxUnknown23-Jul-2004
uNisysUnknown23-Jul-2004
Wind River Systems Inc.Unknown23-Jul-2004

References


http://scary.beasts.org/security/CESA-2004-001.txt
http://www.libpng.org/pub/png/
http://libpng.sourceforge.net/
http://www.microsoft.com/technet/security/Bulletin/MS05-009.mspx
http://www.microsoft.com/technet/security/bulletin/ms05-025.mspx

Credit

Thanks to Chris Evans for reporting this vulnerability.

This document was written by Chad Dougherty and Damon Morda.

Other Information

Date Public08/04/2004
Date First Published08/04/2004 12:05:44 PM
Date Last Updated06/14/2005
CERT Advisory 
CVE NameCAN-2004-0597
US-CERT Technical Alerts 
Metric0.76
Document Revision18

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2004 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader