![]() ![]() While the code that contains these errors introduces dangerous conditions, it is unclear what practical vulnerabilities it might present in applications using libpng. A number of potential integer overflow errors exist in libpng's handling of such progressive display images. The libpng library provides the ability to display interlaced, or progressive display, PNG images. VU#286464 - libpng contains integer overflows in progressive display image reading While the code that contains these errors could potentially permit a buffer overflow to occur during a subsequent png_crc_read() operation, it is unclear what practical vulnerabilities it might present in applications using libpng. A similar error exists in the png_handle_hIST() function. VU#817368 - libpng png_handle_sBIT() performs insufficient bounds checkingĪ potentially insufficient bounds check exists within the png_handle_sBIT() function. It is unclear what practical impact this error might have on applications using libpng. ![]() VU#477512 - libpng png_handle_sPLT() integer overflowĪ potential integer overflow error exists during a memory allocation operation within the png_handle_sPLT() function. As a result, a PNG image with excessive height may cause an integer overflow during a memory allocation operation, which could cause the affected application to crash. VU#160448 - libpng integer overflow in image height processingĪn integer overflow error exists in the handling of PNG image height within the png_read_png() function. Similar errors are reported to exist in other locations within libpng. As a result, a PNG image with particular characteristics could cause the affected application to crash. Under some circumstances, a null pointer may be dereferenced during a memory allocation in the png_handle_iCCP() function. VU#236656 - libpng png_handle_iCCP() NULL pointer dereference This vulnerability could allow a remote attacker to execute arbitrary code on a vulnerable system by introducing a specially crafted PNG image. VU#388984 - libpng fails to properly check length of transparency chunk (tRNS) dataĪ buffer overflow vulnerability has been discovered in the way that libpng processes PNG images. More detailed information is available in the individual vulnerability notes: Any application or system that uses this library may be affected. Several vulnerabilities have been reported in the libpng library. The libpng is a popular reference library available for application developers to support the PNG image format. The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |