Overview
A vulnerability exists in libpng that may allow a remote attacker to cause a denial of service.
Description
A vulnerability in the way libpng handles files that contain multiple zTXt chunks may cause a denial of service. This vulnerability is due to an off-by-one error introduced in the png_push_read_zTXt() function in libpng-1.2.30/pngpread.c. According to the PNG Development Group: Gecko-based applications such as Firefox are not vulnerable because they contain a png_set_keep_unknown_chunks() call that causes the application to ignore the zTXt chunk. Note that this issue affects libpng versions 1.0.38, 1.0.39, 1.2.30, 1.2.31, and libpng-1.4.0beta. |
Impact
A remote, unauthorized attacker may be able to cause a denial of service. |
Solution
Upgrade |
Vendor Information
889484
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- |
| Temporal | 0 | E:ND/RL:ND/RC:ND |
| Environmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
This issue was reported by the PNG Development Group in libpng version 1.2.32.
This document was written by Chris Taschner.
Other Information
| CVE IDs: | CVE-2008-3964 |
| Severity Metric: | 3.97 |
| Date Public: | 2008-09-05 |
| Date First Published: | 2008-10-02 |
| Date Last Updated: | 2008-10-02 19:57 UTC |
| Document Revision: | 9 |