Select local site

F-Secure Vulnerability Information :
libpng "png_push_read_zTXt()" Off-By-One Vulnerability
[Summary] | [Detailed Description] | [Solution] | [CVE Reference]

Report ID:SA31781
Source:Secunia
Date of Discovery:08.09.2008
Criticality:Low
Affects:

libpng 1.x
Compromise From:From remote
Compromise Type:DoS
Summary

A vulnerability has been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service).
Back to the Top

Detailed Description

A vulnerability has been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an off-by-one error within the "png_push_read_zTXt()" function in pngread.c when processing malicious PNG images with specially crafted zTXt chunks, which can be exploited to crash an application using the library.

The vulnerability was reportedly introduced in version 1.2.30beta04 and is reported in version 1.2.31. Other versions may also be affected.

Note: An off-by-one error in pngtest.c was also fixed.
Back to the Top

Solution

Fixed in version 1.2.32beta01.
Back to the Top

CVE Reference
Back to the Top

F-Secure Corporation