Libpng "png_set_rgb_to_gray()" Transform Buffer Overflow Vulnerability

2011.01.19
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-189


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

libpng-1.5.0 is available from ftp://ftp.simplesystems.org/pub/png/src and from http://libpng.sf.net

There are no changes from libpng-1.5.0rc07, except for fixing a couple of tiny typos in the manual.

Read the ANNOUNCE file and the section on libpng-1.4 to 1.5 differences in libpng-manual.txt that come with libpng to see the differences from 1.4.5. The major changes include moving the png and png_info structs into their own private header files, and provision of a new, more thorough test program (pngvalid.c), and an awk-based system of maintaining the new pnglibconf.h file that keeps track of how libpng was configured (i.e., what features were supported when libpng was built). Most of this work was done by John Bowler.

Except for the accessibility of the png and png_info structs (which we have been deprecating for more than a decade), the API isn't significantly changed. Applications built with libpng14 without compiler warnings about using deprecated features should also build without modification with libpng15.

Please reply to the png-mng-implement list.

Glenn

References:

http://www.kb.cert.org/vuls/id/643140
http://xforce.iss.net/xforce/xfdb/64637
http://www.vupen.com/english/advisories/2011/0080
http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org&forum_name=png-mng-implement
http://securitytracker.com/id?1024955
http://secunia.com/advisories/42863



Copyright 2024, cxsecurity.com

 
