Vulnerability Note VU#684664

libpng denial of service vulnerability

Original Release date: 16 May 2007 | Last revised: 22 Aug 2007

Overview

The libpng library contains a denial-of-service vulnerability.

Description

Applications use the libpng library to render PNG images.


From the Libpng-1.2.16-ADVISORY:
This vulnerability could be used to crash a browser when a user tries to view such a malformed PNG file. It is not known whether the vulnerability could be exploited otherwise.

The reason is that png_ptr->num_trans is set to 1 and then there is an error return after checking the CRC, so the trans[ ] array is never allocated. Since png_ptr->num_trans is nonzero, libpng tries to use the array later.

An attacker may be able to exploit this vulnerability by convincing a user to open a specially crafted PNG image. The malicious image may be hosted on a website, or sent as an email attachment.
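The state inconsistency described in the advisory excerpt above, modelled as an added example; this is not libpng source and not part of the original note. Only the field names num_trans and trans come from the advisory; the struct, the function names and the crc_ok flag are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model, NOT libpng source: field names follow the advisory,
   everything else (types, function names, crc_ok flag) is hypothetical. */
typedef struct {
    unsigned char *trans;      /* transparency table, NULL until allocated */
    unsigned short num_trans;  /* number of valid entries in trans */
} png_model;

/* Pattern described in the advisory: the count is set first, then the
   CRC check fails and the function returns before allocating. */
static int handle_trns_vulnerable(png_model *p, const unsigned char *data,
                                  unsigned short len, int crc_ok) {
    p->num_trans = 1;                 /* state updated too early */
    if (!crc_ok) return -1;           /* error return: trans stays NULL */
    p->trans = malloc(len);
    if (!p->trans) return -1;
    memcpy(p->trans, data, len);
    p->num_trans = len;
    return 0;
}

/* Hardened ordering: validate, allocate, and only then publish the count. */
static int handle_trns_fixed(png_model *p, const unsigned char *data,
                             unsigned short len, int crc_ok) {
    if (!crc_ok || len == 0) return -1;
    unsigned char *buf = malloc(len);
    if (!buf) return -1;
    memcpy(buf, data, len);
    free(p->trans);
    p->trans = buf;
    p->num_trans = len;
    return 0;
}

/* Invariant every later consumer relies on. */
static int state_consistent(const png_model *p) {
    return p->num_trans == 0 || p->trans != NULL;
}

/* Defensive consumer: refuses to index trans when the invariant is broken,
   where the unpatched pattern would dereference a NULL pointer. */
static int first_alpha(const png_model *p) {
    if (p->num_trans == 0 || p->trans == NULL) return -1;
    return p->trans[0];
}
```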

Impact

A remote, unauthenticated attacker may be able to create a denial-of-service condition.

Solution

Upgrade
The libpng team has released a patch for libpng 1.0.25 and 1.2.17 to address this vulnerability. Administrators are encouraged to upgrade as soon as possible. Administrators who receive the libpng library from their operating system vendor should see the Systems Affected section of this document for a list of affected vendors.

Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian GNU/Linux | Affected | 08 May 2007 | 08 Jun 2007 |
| Gentoo Linux | Affected | 08 May 2007 | 08 Jun 2007 |
| libpng | Affected | 07 May 2007 | 16 May 2007 |
| Mandriva, Inc. | Affected | 08 May 2007 | 08 Jun 2007 |
| Red Hat, Inc. | Affected | 08 May 2007 | 18 May 2007 |
| Sun Microsystems, Inc. | Affected | 08 May 2007 | 22 Aug 2007 |
| SUSE Linux | Affected | 08 May 2007 | 13 Jul 2007 |
| Ubuntu | Affected | 08 May 2007 | 13 Jun 2007 |
| Apple Computer, Inc. | Unknown | 08 May 2007 | 08 May 2007 |
| Conectiva Inc. | Unknown | 08 May 2007 | 08 May 2007 |
| Cray Inc. | Unknown | 08 May 2007 | 08 May 2007 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 08 May 2007 | 08 May 2007 |
| Engarde Secure Linux | Unknown | 08 May 2007 | 08 May 2007 |
| F5 Networks, Inc. | Unknown | 08 May 2007 | 08 May 2007 |
| Fedora Project | Unknown | 08 May 2007 | 08 May 2007 |

CVSS Metrics

| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |

Credit

Thanks to the libpng team for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

• CVE IDs: CVE-2007-2445
• Date Public: 16 May 2007
• Date First Published: 16 May 2007
• Date Last Updated: 22 Aug 2007
• Severity Metric: 3.86
• Document Revision: 21
