The Portable Network Graphics library (libpng) contains a remotely exploitable vulnerability, which could lead to arbitrary code execution on an affected system.
The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format.
According to the PNG Chunk Specification, PNG images contain a series of chunks including the IHDR, IDAT, and IEND chunks. In addition to these required chunks, a PNG image may contain one or more optional chunks. The optional tRNS chunk is responsible for specifying images that use simple transparency. There are several components of the tRNS chunk. If the PLTE block is not present in a tRNS chunk, a logic error in the code responsible for validating the data segments of the tRNS chunk may lead to a buffer overflow condition.
By introducing a malformed PNG image to a vulnerable application, a remote attacker could cause the application to crash or potentially execute arbitrary code with the privileges of the current user.
Apply a patch from the vendor
Apple Computer Inc. Affected
Microsoft Corporation Affected
MontaVista Software Affected
SuSE Inc. Affected
Trustix Secure Linux Affected
Juniper Networks Not Affected
NEC Corporation Not Affected
Cray Inc. Unknown
Hewlett-Packard Company Unknown
IBM eServer Unknown
Ingrian Networks Unknown
Openwall GNU/*/Linux Unknown
Red Hat Inc. Unknown
Sony Corporation Unknown
Sun Microsystems Inc. Unknown
Wind River Systems Inc. Unknown
eMC Corporation Unknown
Thanks to Chris Evans for reporting this vulnerability.
This document was written by Chad Dougherty and Damon Morda.
|Date First Published:||2004-08-04|
|Date Last Updated:||2005-06-14 20:58 UTC|