Vigil@nce - libpng: memory corruption via PNG
February 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open a malicious PNG image
with an application linked to libpng, in order to create an
overflow of one byte, which stops the application, and could lead
to code execution.
Severity: 2/4
Creation date: 02/02/2012
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The libpng library processes PNG images. It is used by several
applications.
When an image is malformed, the png_formatted_warning() function
of the pngerror.c file generates a warning message. However, if
this message is too long, it is not correctly truncated, and an
overflow of one byte occurs.
An attacker can therefore invite the victim to open a malicious
PNG image with an application linked to libpng, in order to create
an overflow of one byte, which stops the application, and could
lead to code execution.
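The truncation error described above, shown as an added example that is not libpng's code and not part of the original bulletin: a flawed message copy beside a corrected one, with a guard byte to detect the one-byte overflow. The function names, the 16-byte MSG_CAP and the sample text are all constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define MSG_CAP 16 /* constructed buffer size for the demo, not libpng's */

/* Flawed truncation: the copy loop may fill all MSG_CAP bytes, so the
 * terminator is then stored at buf[MSG_CAP], one byte past the buffer. */
static size_t format_flawed(char *buf, const char *text)
{
    size_t i = 0;
    while (i < MSG_CAP && text[i] != '\0') {
        buf[i] = text[i];
        i++;
    }
    buf[i] = '\0';
    return i + 1; /* bytes stored, terminator included */
}

/* Corrected truncation: stop one byte early to keep room for the terminator. */
static size_t format_fixed(char *buf, const char *text)
{
    size_t i = 0;
    while (i < MSG_CAP - 1 && text[i] != '\0') {
        buf[i] = text[i];
        i++;
    }
    buf[i] = '\0';
    return i + 1;
}

/* Runs a formatter on a MSG_CAP-byte buffer followed by one guard byte that
 * the harness owns, and reports whether the guard byte was overwritten. */
static int guard_clobbered(size_t (*fmt)(char *, const char *), const char *text)
{
    char storage[MSG_CAP + 1];
    memset(storage, 0x5A, sizeof storage);
    fmt(storage, text);
    return storage[MSG_CAP] != 0x5A;
}

int main(void)
{
    const char *long_text = "constructed warning text longer than the buffer";
    printf("flawed: guard clobbered = %d\n", guard_clobbered(format_flawed, long_text));
    printf("fixed:  guard clobbered = %d\n", guard_clobbered(format_fixed, long_text));
    return 0;
}
```

Only text of MSG_CAP characters or more reaches the flawed store; shorter messages behave identically in both versions, which is why this class of defect tends to survive ordinary testing.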
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libpng-memory-corruption-via-PNG-11340