search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

libpng invalid sCAL chunk processing vulnerability

Vulnerability Note VU#819894

Original Release Date: 2011-07-07 | Last Revised: 2011-07-07

Overview

libpng reads uninitialized memory when processing invalid sCAL chunks.

Description

When libpng encounters a sCAL chunk that is empty it will read uninitialized memory. libpng also does not properly handle a sCAL chunk that lacks the terminating zero between the two strings conveyed.

Additional details can be found on the png-mng-implement mailing list archives.

Impact

By tricking a user into opening a specifically crafted PNG file within an application that uses libpng, an attacker may be able to cause a denial of service crash.

Solution

Apply an Update
This vulnerability is addressed in the following libpng versions: libpng-1.5.4, libpng-1.4.8, libpng-1.2.45, and libpng-1.0.55

Vendor Information

819894
 
Expand all

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Glenn Randers-Pehrson for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2011-2692
Severity Metric: 0.65
Date Public: 2011-07-07
Date First Published: 2011-07-07
Date Last Updated: 2011-07-07 18:39 UTC
Document Revision: 12

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis