Libpng "png_set_rgb_to_gray()" Transform Buffer Overflow Vulnerability

2011.01.19
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-189


Ogólna skala CVSS: 6.8/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

libpng-1.5.0 is available from ftp://ftp.simplesystems.org/pub/png/src and from http://libpng.sf.net There are no changes from libpng-1.5.0rc07, except for fixing a couple of tiny typos in the manual. Read the ANNOUNCE file and the section on libpng-1.4 to 1.5 differences in libpng-manual.txt that come with libpng to see the differences from 1.4.5. The major changes include moving the png and png_info structs into their own private header files, and provision of a new, more thorough test program (pngvalid.c), and an awk-based system of maintaining the new pnglibconf.h file that keeps track of how libpng was configured (i.e., what features were supported when libpng was built). Most of this work was done by John Bowler. Except for the accessibility of the png and png_info structs (which we have been deprecating for more than a decade), the API isn't significantly changed. Applications built with libpng14 without compiler warnings about using deprecated features should also build without modification with libpng15. Please reply to the png-mng-implement list. Glenn

Referencje:

http://www.kb.cert.org/vuls/id/643140
http://xforce.iss.net/xforce/xfdb/64637
http://www.vupen.com/english/advisories/2011/0080
http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org&forum_name=png-mng-implement
http://securitytracker.com/id?1024955
http://secunia.com/advisories/42863


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top