Vulnerability Note VU#889484
libpng off-by-one vulnerability
A vulnerability exists in libpng that may allow a remote attacker to cause a denial of service.
A vulnerability in the way libpng handles files that contain multiple zTXt chunks may cause a denial of service. This vulnerability is due to an off-by-one error introduced in the png_push_read_zTXt() function in libpng-1.2.30/pngpread.c. According to the PNG Development Group:
Gecko-based applications such as Firefox are not vulnerable because they contain a png_set_keep_unknown_chunks() call that causes the application to ignore the zTXt chunk.
Note that this issue affects libpng versions 1.0.38, 1.0.39, 1.2.30, 1.2.31, and libpng-1.4.0beta.
A remote, unauthorized attacker may be able to cause a denial of service.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|libpng||Affected||-||02 Oct 2008|
CVSS Metrics (Learn More)
This issue was reported by the PNG Development Group in libpng version 1.2.32 .
This document was written by Chris Taschner.
- CVE IDs: CVE-2008-3964
- Date Public: 05 Sep 2008
- Date First Published: 02 Oct 2008
- Date Last Updated: 02 Oct 2008
- Severity Metric: 3.97
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.