In association with heise online

30 June 2006, 12:34

Buffer overflow in graphics library libpng


The Unix and Windows library libpng, which processes graphics in the PNG format, does not check the length of certain entries in these images, which can cause a buffer overflow. Attackers can use manipulated graphics to execute arbitrary code on affected systems.

The function png_decompress_chunk() in the file pngrutil.c does not check the chunk_name entries in PNGs before it copies this string into a buffer of insufficient size. As a result, libpng may crash, and program code can be smuggled in.

The developers of the library have increased the target buffer in versions 1.2.12 and 1.0.20 to remedy the problem. Linux distributors should be releasing updated packages soon, and users are advised to install them.
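The kind of check described above as missing can be sketched as follows. This is an added example, not libpng's code or its actual fix: the helper names, the message text and the sample header are constructed for illustration. It validates the chunk name taken from a raw chunk header and formats it into a fixed buffer with an explicit bound.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; these are not libpng functions. */

/* Extract the 4-byte chunk type from a raw chunk header (4-byte length
 * followed by 4-byte type). PNG restricts type bytes to ASCII letters,
 * so anything else is rejected before it reaches any string handling. */
int chunk_name_from_header(const unsigned char *hdr, size_t hdr_len, char name[5])
{
    size_t i;
    if (hdr == NULL || hdr_len < 8)
        return -1;
    for (i = 4; i < 8; i++) {
        unsigned char c = hdr[i];
        if (!((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')))
            return -1;
    }
    memcpy(name, hdr + 4, 4);
    name[4] = '\0';
    return 0;
}

/* Format a diagnostic naming the chunk. snprintf never writes past
 * out_size, and its return value reveals truncation, which is treated
 * as an error instead of silently emitting a cut-off message. */
int format_msg_checked(char *out, size_t out_size, const char *name)
{
    int n = snprintf(out, out_size, "Error while decompressing %s chunk", name);
    if (n < 0 || (size_t)n >= out_size) {
        if (out_size > 0)
            out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    /* Constructed sample header: length 16, type "zTXt". */
    const unsigned char hdr[8] = {0, 0, 0, 16, 'z', 'T', 'X', 't'};
    char name[5], msg[64];
    if (chunk_name_from_header(hdr, sizeof hdr, name) == 0 &&
        format_msg_checked(msg, sizeof msg, name) > 0)
        puts(msg);
    return 0;
}
```

A buffer that is one byte too small for the finished message makes `format_msg_checked` return -1 with an empty string, so an undersized buffer surfaces as an error instead of a write past its end.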

Also see:

  • Download the current sources of libpng
  • Change log for the updated versions of the library

