Alias(es): LibPNG.Grahpics.Library.tRNS.Buffer.Overflow
Release Date: Sep 11, 2006
Severity: critical
Impact: System compromise: remote code execution.
Description: This indicates a possible attempt to exploit a buffer overflow vulnerability in libpng. Libpng is the official reference library for reading and writing Portable Network Graphics (PNG) images. It contains a stack-based buffer overflow vulnerability due to a flaw in the "png_handle_tRNS()" function. This may allow an attacker to execute arbitrary code on an affected system when a specially crafted image file, with the PLTE chunk intentionally omitted, is opened.
Affected Products: All versions of libpng prior to 1.2.6 of the 1.2.x series and 1.0.16 of the older 1.0.x series are vulnerable.
Recommended Actions: Apply the appropriate patch or upgrade the library to the latest non-vulnerable version.
Coverage: IPS, VCM
Common Vulnerabilities and Exposures (CVE): CVE-2004-0597
References:
http://scary.beasts.org/security/CESA-2004-001.txt
http://www.securityfocus.com/bid/10857 (BugTraq)
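The malformed-file condition named in the description (a tRNS chunk in a palette image with no PLTE chunk before it) can be checked without decoding the image, for example when screening uploads ahead of a PNG decoder. The following is an added example, not code from libpng or from this signature; the function names and the sample files are constructed for illustration, and the samples carry no IDAT data, so they are chunk sequences rather than viewable images.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
INDEXED = 3  # IHDR colour type for palette images

def make_chunk(ctype, data=b""):
    """Serialize one chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def iter_chunks(blob):
    """Yield (type, declared_length, data) for each chunk after the signature."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 8 <= len(blob):
        length, ctype = struct.unpack_from(">I4s", blob, pos)
        yield ctype, length, blob[pos + 8:pos + 8 + length]
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC

def trns_findings(blob):
    """Return a list of tRNS/PLTE ordering problems in an indexed-colour PNG."""
    findings, colour_type, palette_entries = [], None, None
    for ctype, length, data in iter_chunks(blob):
        if ctype == b"IHDR" and len(data) >= 13:
            colour_type = data[9]  # width(4) height(4) depth(1) colour type(1)
        elif ctype == b"PLTE":
            palette_entries = length // 3  # one RGB triple per entry
        elif ctype == b"tRNS" and colour_type == INDEXED:
            if palette_entries is None:
                findings.append("tRNS without preceding PLTE")
            elif length > palette_entries:
                findings.append("tRNS longer than palette")
    return findings

def sample_png(with_plte, trns_len):
    """Constructed sample: 1x1 indexed image header plus the chunks under test."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, INDEXED, 0, 0, 0)
    body = make_chunk(b"IHDR", ihdr)
    if with_plte:
        body += make_chunk(b"PLTE", bytes(6))  # two palette entries
    body += make_chunk(b"tRNS", bytes(trns_len))
    return PNG_SIG + body + make_chunk(b"IEND")

if __name__ == "__main__":
    for label, png in [("ok", sample_png(True, 2)), ("no PLTE", sample_png(False, 2)),
                       ("long tRNS", sample_png(True, 4))]:
        print(label, trns_findings(png))
```

A finding here means the file violates the PNG chunk rules for indexed-colour images; it supplements upgrading the library as recommended above and does not replace it.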