libpng Chunk Handling Bugs Let Remote Users Deny Service - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > libpng

Vendors: libpng.sourceforge.net

libpng Chunk Handling Bugs Let Remote Users Deny Service

SecurityTracker Alert ID: 1018849

SecurityTracker URL: http://securitytracker.com/id/1018849

CVE Reference: CVE-2007-5269 (Links to External Site)

Date: Oct 23 2007

Impact: Denial of service via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 1.2 prior to 1.2.21 and 1.0 prior to 1.0.29

Description: A vulnerability was reported in libpng. A remote user can cause denial of service conditions.

A remote user can create a specially crafted image that, when loaded by the target application, will trigger an out-of-bounds read error in certain chunk handlers and cause the target application to crash.

The png_handle_pCAL(), png_handle_sCAL(), png_push_read_tEXt(), png_handle_iTXt(), and png_handle_ztXt() functions are affected.

George Cook and Jeff Phillips reported this vulnerability.

Impact: A remote user can cause denial of service conditions.

Solution: The vendor has issued fixed versions (1.2.21 and 1.0.29).

The vendor's advisory is available at:

http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net

Vendor URL: libpng.sourceforge.net/ (Links to External Site)

Cause: Access control error

Underlying OS: Linux (Any), UNIX (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

Oct 23 2007	(Red Hat Issues Fix) libpng Chunk Handling Bugs Let Remote Users Deny Service (bugzilla@redhat.com) Red Hat has released a fix for Red Hat Enterprise Linux 2.1, 3, 4, and 5.
May 30 2009	(Sun Issues Fix) libpng Chunk Handling Bugs Let Remote Users Deny Service Sun has issued a fix for Solaris 10 and OpenSolaris.

Source Message Contents

Date: Tue, 23 Oct 2007 15:55:02 -0400
Subject: libpng


CVE-2007-5269

[png-mng-implement] Libpng-1.2.21 and libpng-1.0.29 released

Libpng-1.2.21 and libpng-1.0.29 have been released and are available at
ftp://ftp.simplesystems.org/pub/png/src
and at
http://libpng.sf.net

Fixed various mistakes reported by George Cook and Jeff Phillips:
logical vs bitwise NOT in pngrtran.c, bug introduced in 1.2.19
16-bit cheap transparency expansion, bug introduced in 1.2.19
errors with sizeof(unknown_chunk.name), bugs introduced in 1.2.19
<= compare with unsigned var in pngset.c, should be ==.
Removed some extraneous typecasts.
Fixed potential out-of-bounds read in png_handle_pCAL(), png_handle_sCAL(),
png_push_read_tEXt(), png_handle_iTXt(), and png_handle_ztXt() ("flayer"
results reported by Tavis Ormandy).
Remove some PNG_CONST declarations from pngwutil.c to avoid compiler warnings
Revised makefiles to update libpng.pc properly.

Glenn

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC