A vulnerability exists in libpng that may allow a remote attacker to cause a denial of service.
A vulnerability in the way libpng handles files that contain multiple zTXt chunks may cause a denial of service. This vulnerability is due to an off-by-one error introduced in the png_push_read_zTXt() function in libpng-1.2.30/pngpread.c. According to the PNG Development Group:
Gecko-based applications such as Firefox are not vulnerable because they contain a png_set_keep_unknown_chunks() call that causes the application to ignore the zTXt chunk.
Note that this issue affects libpng versions 1.0.38, 1.0.39, 1.2.30, 1.2.31, and libpng-1.4.0beta.
A remote, unauthorized attacker may be able to cause a denial of service.
This issue was reported by the PNG Development Group in libpng version 1.2.32.
This document was written by Chris Taschner.
|Date First Published:||2008-10-02|
|Date Last Updated:||2008-10-02 19:57 UTC|