The Portable Network Graphics library (libpng) contains a remotely exploitable vulnerability, which could lead to arbitrary code execution on an affected system.
The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format.
According to the PNG Chunk Specification, PNG images contain a series of chunks including the IHDR, IDAT, and IEND chunks. In addition to these required chunks, a PNG image may contain one or more optional chunks. The optional tRNS chunk is responsible for specifying images that use simple transparency. There are several components of the tRNS chunk. If the PLTE block is not present in a tRNS chunk, a logic error in the code responsible for validating the data segments of the tRNS chunk may lead to a buffer overflow condition.
By introducing a malformed PNG image to a vulnerable application, a remote attacker could cause the application to crash or potentially execute arbitrary code with the privileges of the current user.
Apply a patch from the vendor
Apple Computer Inc.
Trustix Secure Linux
Red Hat Inc.
Sun Microsystems Inc.
Wind River Systems Inc.
Thanks to Chris Evans for reporting this vulnerability.
This document was written by Chad Dougherty and Damon Morda.
|Date First Published:||2004-08-04|
|Date Last Updated:||2005-06-14 20:58 UTC|