Vigil@nce: libpng, memory corruption via free
February 2009 by Vigil@nce
An attacker can create a malicious PNG image in order to corrupt
the memory of applications linked to libpng.
– Gravity: 2/4
– Consequences: user access/rights, denial of service of client
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 19/02/2009
IMPACTED PRODUCTS
– Mandriva Corporate
– Mandriva Linux
– Mandriva Multi Network Firewall
– Slackware Linux
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The libpng library is used by applications creating or
manipulating PNG (Portable Network Graphics) image files.
It allocates arrays of elements to store information on images.
However, when there is no available memory, libpng frees all these
array entries, even if they were never allocated.
An attacker can therefore create a malicious PNG image in order to
corrupt the memory of applications linked to libpng. This
vulnerability leads to a denial of service and possibly to code
execution.
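The bug class described above, as an added illustration that is not libpng code: a pointer table is filled entry by entry, allocation fails partway, and the cleanup path releases every entry. All names are hypothetical, memory exhaustion is simulated with a counter, and a sentinel address stands in for the garbage an uninitialized table would hold. The tracking release function counts invalid releases instead of performing them.

```c
#include <stdio.h>
#include <stdlib.h>

#define ROWS 8                /* constructed table size */
static char stale;            /* stand-in for leftover garbage in uninitialized memory */
static void *live[ROWS];      /* pointers the allocator really handed out */
static int budget;            /* allocations permitted before simulated exhaustion */
static int bogus_frees;       /* releases of pointers that were never allocated */

static void *row_alloc(size_t n) {
    if (budget <= 0) return NULL;              /* simulated out-of-memory */
    void *p = malloc(n);
    if (p == NULL) return NULL;
    budget--;
    for (int i = 0; i < ROWS; i++)
        if (live[i] == NULL) { live[i] = p; break; }
    return p;
}

static void row_free(void *p) {
    if (p == NULL) return;                     /* same as free(NULL): no-op */
    for (int i = 0; i < ROWS; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    bogus_frees++;                             /* a real free() here corrupts the heap */
}

/* Builds the table, then runs the free-everything cleanup. Returns bogus free count. */
int build_rows(int zero_first, int allowed) {
    void **rows = malloc(ROWS * sizeof *rows);
    if (rows == NULL) return -1;
    for (int i = 0; i < ROWS; i++)
        rows[i] = zero_first ? NULL : (void *)&stale;   /* hardened vs. flawed start state */
    budget = allowed;
    bogus_frees = 0;
    for (int i = 0; i < ROWS; i++)
        if ((rows[i] = row_alloc(64)) == NULL) break;  /* stop at first failure */
    for (int i = 0; i < ROWS; i++)
        row_free(rows[i]);                     /* cleanup touches every entry */
    free(rows);
    return bogus_frees;
}

int main(void) {
    printf("flawed:   %d bogus frees\n", build_rows(0, 3));
    printf("hardened: %d bogus frees\n", build_rows(1, 3));
    return 0;
}
```

Setting every entry to NULL before the first element allocation makes the cleanup loop safe, because releasing a NULL pointer is a no-op.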
CHARACTERISTICS
– Identifiers: BID-33827, CVE-2009-0040, MDVSA-2009:051,
SSA:2009-051-01, VIGILANCE-VUL-8482
– Url: http://vigilance.fr/vulnerability/libpng-memory-corruption-via-free-8482