The Portable Network Graphics library (libpng) contains several flaws in progressive image handling that could introduce a remotely exploitable vulnerability.
The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format.
The libpng library features the ability to display interlaced, or progressive display, PNG files or streams. A number of potential integer overflow errors exist in libpng's handling of such progressive display images. While the code that contains these errors introduces dangerous conditions, it is unclear what practical vulnerabilities it might present in applications using libpng.
The complete impact of this vulnerability is not yet known.
Apply a patch from the vendor
Apple Computer Inc.
Trustix Secure Linux
Red Hat Inc.
Sun Microsystems Inc.
Wind River Systems Inc.
Thanks to Chris Evans for reporting this vulnerability.
This document was written by Chad Dougherty and Damon Morda.
|Date First Published:||2004-08-04|
|Date Last Updated:||2005-06-01 21:40 UTC|