Vigil@nce: libpng, memory leak via tEXT
February 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can create an image containing a malicious tEXt field
in order to create a denial of service in applications linked to
libpng.
Gravity: 1/4
Consequences: denial of service of client
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 19/02/2009
IMPACTED PRODUCTS
– Fedora
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The libpng library is used by applications creating or
manipulating PNG (Portable Network Graphics) image files.
A PNG image is composed of a series of fragments (chunks), each
identified by four letters:
– IHDR : header
– IDAT : image data
– tEXt : text
– etc.
When the png_handle_tEXt() function of pngrutil.c analyzes a PNG
image containing a malformed tEXt field, a memory area is not
freed.
An attacker can therefore create an image containing a malicious
tEXt field in order to create a denial of service in applications
linked to libpng.
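The fragment layout described above, as an added example (not part of the original advisory and not libpng code): a Python check that walks a file's chunks and reports CRC mismatches and tEXt chunks that deviate from the PNG specification's keyword, NUL separator, text layout, so that suspect images can be triaged before they reach an application linked to libpng. The advisory does not say what makes the field malformed, so using the specification's rules as the test is an assumption; the function names and the sample bytes are constructed for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def iter_chunks(data):
    """Yield (type, payload, crc_ok) per chunk; the CRC covers type and payload."""
    if data[:8] != PNG_SIGNATURE:
        raise ValueError("not a PNG file")
    pos = 8
    while pos < len(data):
        # Smallest possible chunk: 4-byte length, 4-byte type, 4-byte CRC.
        if len(data) - pos < 12:
            raise ValueError("truncated chunk at offset %d" % pos)
        length, ctype = struct.unpack_from(">I4s", data, pos)
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("chunk at offset %d overruns the file" % pos)
        payload = data[pos + 8:end - 4]
        (crc,) = struct.unpack_from(">I", data, end - 4)
        yield ctype, payload, crc == zlib.crc32(ctype + payload)
        pos = end

def check_text(payload):
    """Spec layout of tEXt is keyword (1-79 bytes), NUL, text; list deviations."""
    keyword, sep, text = payload.partition(b"\x00")
    checks = [(not sep, "no NUL separator after keyword"),
              (not 1 <= len(keyword) <= 79, "keyword length outside 1-79"),
              (b"\x00" in text, "NUL byte inside text")]
    return [message for failed, message in checks if failed]

def audit_png(data):
    """Return (chunk index, chunk type, problem) tuples for one file's bytes."""
    findings = []
    for index, (ctype, payload, crc_ok) in enumerate(iter_chunks(data)):
        name = ctype.decode("latin-1")
        if not crc_ok:
            findings.append((index, name, "CRC mismatch"))
        if ctype == b"tEXt":
            findings.extend((index, name, p) for p in check_text(payload))
    return findings

def make_chunk(ctype, payload):
    crc = zlib.crc32(ctype + payload)
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

# Constructed sample, not a real file: one valid and one malformed tEXt chunk.
SAMPLE = PNG_SIGNATURE + b"".join(make_chunk(t, p) for t, p in [
    (b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)),
    (b"tEXt", b"Title\x00ok"), (b"tEXt", b"no separator here"), (b"IEND", b"")])
```

Calling audit_png() on the bytes of a file read from disk returns an empty list when every chunk is well framed and every tEXt chunk follows the specification.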
CHARACTERISTICS
Identifiers: 468990, FEDORA-2008-9379, FEDORA-2008-9393,
VIGILANCE-VUL-8480
http://vigilance.fr/vulnerability/libpng-memory-leak-via-tEXT-8480