Buffer overflow in graphics library libpng
The Unix and Windows library libpng, which processes graphics in the PNG format, does not check the length of certain entries in these images, which can cause a buffer overflow. Attackers can use manipulating graphics to execute arbitrary code on the systems affected.
The function png_decompress_chunk() in the file pngrutil.c does not check the chunk_name entries in PNGs before it copies this string into a buffer of insufficient size. As a result, libpng may crash, and program code can be smuggled in.
The developers of the library have increased the target buffer in versions 1.2.12 and 1.0.20 to remedy the problem. Linux distributors should be releasing updated packets soon, and users are advised to install them.