CERT/CC Vulnerability Note VU#160448

Overview

The Portable Network Graphics library (libpng) contains a remotely exploitable vulnerability which could cause affected applications to crash.

Description

The Portable Network Graphics (PNG ) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format.

An integer overflow error exists in the handling of PNG image height within the png_read_png() function. As a result, a PNG image with excessive height may cause an integer overflow on a memory allocation and could cause the affected application to crash.

Multiple applications support the PNG image format including web browsers, email clients, and various graphic utilities. Because multiple products have used the libpng reference library to implement native PNG image processing, multiple applications will be affected by this issue in different ways.

Impact

An attacker could cause a vulnerable application to crash by supplying a specially-crafted PNG image. Vulnerable applications that read images from network sources could be exploited remotely.

Solution

Apply a patch from the vendor

Patches have been released to address this vulnerability. Please see the Systems Affected section of this document for more details.

Vendor Information

160448

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

Apple Computer Inc. Affected

MontaVista Software Affected

libpng.org Affected

IBM Not Affected

Juniper Networks Not Affected

NEC Corporation Not Affected

BSDI Unknown

Conectiva Unknown

Cray Inc. Unknown

Debian Unknown

Engarde Unknown

FreeBSD Unknown

Fujitsu Unknown

Hewlett-Packard Company Unknown

Hitachi Unknown

IBM eServer Unknown

IBM-zSeries Unknown

IMmunix Unknown

Ingrian Networks Unknown

MandrakeSoft Unknown

Microsoft Corporation Unknown

NETBSD Unknown

Nokia Unknown

Novell Unknown

Openwall GNU/*/Linux Unknown

Red Hat Inc. Unknown

SCO Unknown

SGI Unknown

Sequent Unknown

Sony Corporation Unknown

SuSE Inc. Unknown

Sun Microsystems Inc. Unknown

TurboLinux Unknown

Unisys Unknown

Wind River Systems Inc. Unknown

eMC Corporation Unknown

View all 36 vendors View less vendors

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Chris Evans for reporting this vulnerability.

This document was written by Chad Dougherty and Damon Morda.

Other Information

CVE IDs:	CVE-2004-0599
Severity Metric:	0.97
Date Public:	2004-08-04
Date First Published:	2004-08-04
Date Last Updated:	2004-08-04 15:59 UTC
Document Revision:	18

Software Engineering Institute

CERT Coordination Center

libpng integer overflow in image height processing

Vulnerability Note VU#160448