Skip to main content

libpng `png_decompress_chunk()´ Integer Overflow Vulnerability

Last Update Date: 22 May 2012 Release Date: 17 Feb 2012 5563 Views

RISK: Medium Risk

TYPE: Clients - Graphics & Design

TYPE: Graphics & Design

A vulnerability has been identified in libpng, which can be exploited by malicious people to potentially compromise an application using the library.

The vulnerability is caused due to an integer overflow error within the "png_decompress_chunk()" function (pngrutil.c) when uncompressing certain chunks, which can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code but requires tricking the user into opening a specially crafted PNG file.


Impact

  • Remote Code Execution

System / Technologies affected

  • libpng 1.x

Solutions

  • Do not open PNG files from untrusted sources.

Vulnerability Identifier


Source


Related Link